New Citibank Phishing Campaign Discovered

If you are a Citibank Customer, this article is for you

Phishing

Phishing is where the bad guys attempt to trick you into giving up your personal/financial information and or login credentials.

With each passing year, Phishing attacks become more and more convincing, this is another example of this threat evolving.

They have essentially copied the emails from official Citibank emails, including logos, formatting and even the spelling is good, which is often a giveaway that it’s fake. Even the sender address appears real at first glance.

The Scam

As mentioned above, these messages are very convincing copies and can vary from email to email. The goal however is to steal your credentials by telling you your account has been put on hold due to a suspicious transaction or suspicious login from another location.

Why This Works

Phishing is part of life in today’s world sadly. It’s just a small part of the social engineering fabric world we now live in.

They always have a “call to action” added in to give the message a sense of urgency in hopes to get you to react without thinking.

Sadly, any user that clicks on the link in the email will be taken to a credential harvesting website that will look like an official Citibank website.

If the user attempts to ‘verify their credentials’, they have just given the bad actors their login information. From their they will likely empty your bank accounts and run up your credit cards to the maximum.

The Solution

As I’ve said in each article I’ve written about Phishing, never click on a link in an emailed, often called an “embedded link”. Instead pick up the phone and call your bank directly

Failing that, open a private browser window and manually enter the website address and go to it. In a private browser window, it will be like you are using a new computer from the website’s point of view.

Here’s an earlier article I wrote on private browsing if you want more information on it.