Why You Need To Be Aware Of Online Fraud?

Why You Need To Be Aware Of Online Fraud?

Trends in online fraud

There are a range of online frauds and they come in various forms to lure you into giving your sensitive information. Once they get your information they can cause severe damage to your finances.

Fraudulent E-mails


Phony Websites





Fraudulent E-mails

The fraudulent E-mail appears to be from a legitimate bank and is intended to collect sensitive personal and financial information.

How to identify a fraudulent E-mail?

Click on    to expand and on    to minimize the details.

  • As a provider of online banking services, Citigroup does frequently communicate with its clients via E-mail. The majority of these communications are to provide you with information and updates about our services
  • If we request information from you, we'll always direct you back to a Citibank site using links. These are for your convenience - you can also reach our site ( using your bookmarks. You can add any of the Citibank URLs to your list of favorites or bookmark them
  • If you use a link in an E-mail from us, you can make sure that you are on a Citibank page by comparing it against the known URL you use to access your online banking application
Citibank E-mails

Click on    to expand and on    to minimize the details.

  • Citibank will ask you to enter your Citibank User ID and IPIN only when you sign on to Citibank Online (,
  • Citibank will send you E-mails with text links and banner links to information or promotions about Citibank products. Such promotions might invite customers to register their name and contact details (such as phone numbers or E-mail address)
  • Citibank will send you E-mails with text links and banner links for your convenience and you can always type in Citibank URLs directly into your Internet browser. (,
  • Citibank will ask you to fill any account details only on either or
  • Citibank will never send you urgent or time-sensitive E-mails that ask you to provide, update or confirm sensitive data like your Citibank Card number, IPIN, APIN, TPIN or expiration date, etc.
  • Citibank will never send you an E-mail with any input fields asking for personal, account or other sensitive information
Do's and Dont's

Click on    to expand and on    to minimize the details.

  • All forms should be filled only on Citibank website starting with, and
  • Make sure that the URL provided in the E-mail leads to a valid website. All genuine Citibank URLs will begin with, and
  • Open E-mails only when you know the sender. Be especially careful about opening an E-mail with an attachment. Even a friend may accidentally send an E-mail with a virus
  • Check the sender E-mail address to verify that it is from a valid E-mail account
  • Type the entire Citibank website address on your browser to sign on to Citibank Online (Internet Banking) page
  • Keep your operating system and browser up-to-date. Software updates often include security enhancements that you can usually download free from the particular software provider
  • Leave suspicious sites
  • Be alert of scam E-mails
  • Open E-mails only when you know the sender
  • Be careful before clicking on a link contained in an E-mail or other message
  • Make sure your home computer has the most current anti-virus software. Install a personal firewall to help prevent unauthorized access to your home computer
  • Monitor your transactions
  • Act quickly if you suspect fraud. Please contact us immediately at 24x7 CitiPhone
  • Never fill an E-mail with input fields that ask you for sensitive data such as User ID, Passwords, IPIN, ATM PIN and account number information
  • Never fill in a form that you have accessed via an E-mail link with sensitive data such as User ID, Password, IPIN, ATM PIN and account number information unless you are on the secure Citibank website
  • Don't click on links in unsolicited E-mails, especially those asking for personal information. Even if you don't supply it, just clicking can enable thieves to access your computer, record your keystrokes and capture passwords you use to sign on to various websites
  • Do not open or follow instructions on any E-mail asking you to verify information. Citibank will never send any E-mail asking you to verify any sensitive information
Phony websites

They are fraudulent websites created to look identical to those of a legitimate bank or trusted company. Phony websites, also known as 'spoofed websites' use an organization's website graphics and logos, but are actually set up in an attempt to steal sensitive personal and financial information. Once you're at one of these spoofed sites you might unwittingly enter personal information that will be transmitted directly to the person who created the site who then might use this information to purchase goods, apply for a new credit card, or even steal your identity.

How to identify Phony websites?
  • Phony websites will not contain the padlock sign on right hand side of the URL
  • Phony websites will not begin with HTTPS in the URL bar
  • They appear to be the official site of a well-known and respected institution
  • They have the names of real people
  • They have the right logos and branding
  • They use links to pages on the real website and have official-looking fine print
  • They use genuine pages copied to a new fake address
  • They lure customers through "spam" E-mail
What kind of mails do the fraudsters send?
  • Fake security and maintenance upgrades
  • "Your account has been randomly selected for maintenance and placed on 'Limited Access' status, please enter your account details to re-activate your service"
  • "Please provide your account details to re-activate your account following the introduction of a new security system which will help you avoid fraudulent transactions and keep your investment safe"
  • False bills and charges
  • "Your domain name registration is due for renewal; please enter the following information exactly as it appears on your Credit Card statement. This will be compared to the information your bank has on file for your Card to verify your payment"
  • "You have won a free gift (or prize), simply complete your Credit Card details for postage and handling costs and we'll send it out to you"
Do's and Don'ts
  • Avoid clicking on links provided in a suspicious looking E-mail
  • Save or "bookmark" frequently visited and trusted websites to your list of favorites, then access those sites through your saved links
  • Inspect a URL carefully for the presence of an "@" symbol, for example This is a common sign of fraudulent websites. Even if the URL contains the phrase "Citibank" it does not ensure that it is Citibank's website
  • Be very suspicious of websites that display an IP Address, or numerical address (e.g.,, in your web browser's address bar instead of a domain name (e.g.,
  • Safely access your accounts online by opening up a new web browser each time

'Phishing' masks an identity on the web. Victims are encouraged to visit phony websites that resemble those of legitimate organizations, often through a fraudulent E-mail. Lured to a phishing site, users are asked to enter sensitive information, such as a PIN, password or bank account number. Once they get your information they can cause severe damage to your finances.

How does phishing work?

Phishing works by the malicious user sending millions of bogus E-mails that appear to come from popular websites or from sites that you trust, like your bank or a Credit Card company. The E-mails and the website links they often send you, look official enough that they deceive many people into believing that they're legitimate.

What you can do to protect yourself?
  • Never respond to requests for personal information via E-mail. If in doubt, call the institution that claims to have sent you the E-mail
  • Visit websites by typing the URL into your address bar
  • Check to make sure the website is using encryption
  • Routinely review your Credit Card and bank statements
  • Report suspected abuses of your personal information to the proper authorities

Vishing is a new trend in online frauds. It is a combination of the words, voice and phishing. While Phishing involves the use of E-mails to trick you into providing your personal details, vishing uses voice or telephone services. If you use a Voice over Internet Protocol (VoIP) phone service, you are particularly vulnerable to a vishing scam.

How do you identify a vishing call?

A typical vishing call involves a scammer, posing as an employee from your bank or another organization, claiming to need your personal details. They could tell you many different reasons why they need this information from you.

Even if you use your telephone keypad or keyboard to type in your details, if you are on the line, the scammer can record them.

What you can do to help protect yourself?
  • Do not comply
  • Do not use a contact number provided by the caller
  • Call the institution directly to check the legitimacy of the request