Sofia serves as the Chief People and Customer Officer at Aura. Before Aura, she was the Chief People Officer at Zerto, a global IT resilience firm. She has an MS/BA in Economics from Northeastern University.
Alina Benny is a writer and editor at Aura, covering the gamut of security topics for the company, including online safety, identity theft, and fraud. Before Aura, she oversaw part of Nextiva’s marketing efforts. She holds a bachelor's degree in Electronics Engineering from the Cochin University of Science and Technology and has nearly a decade in content marketing. Twitter: @heyabenny
The only thing that California residents Chapman Ng, Stephen Lee, and Kai Chin have in common is that they're all Citibank customers — and they each lost between $65,000 and $81,000 to different Citibank scams last year [*].
Unfortunately, they are among the many unsuspecting victims of devastating bank scams.
Worldwide, bank fraud and identity theft doubled from 2021 to 2022 [*].
Scammers are especially interested in your bank account, and are constantly looking for new angles, loopholes, and scams to gain access to your funds. For Citibank customers, this can mean falling prey to traps like phishing emails, SIM swaps, imposter phone calls, and more.
In this guide, we’ll explain how Citibank scams work, the most common scams that Citibank customers face, and what to do if you become a victim.
{{show-toc}}
What Are Citibank Scams? How Do They Work?
Citibank scams happen when fraudsters impersonate Citibank employees or other officials in order to infiltrate customer accounts, trick victims into transferring money, or lure them into giving up sensitive information that can be used to steal their identities.
Scammers understand that customers implicitly trust their banks. They use scams to abuse that trust and manipulate victims. The idea is simple, but the scams are often complex and hard to catch.
Some of the latest Citibank scams include:
Impersonation scams. Scammers often pretend to be Citibank employees, government officials, or IT tech support personnel trying to “help” victims. They use a variety of threats and coercion tactics to get victims to send them money or sensitive information.
Account verification scams. Citibank customers may receive fake fraud alerts claiming that their accounts will be locked unless they “verify” their identities by providing passwords, bank account numbers, and more.
Smishing texts. Citibank sends texts to its customers about account updates and transactions. Scammers mimic these texts to trick you into contacting them and giving up your account details.
Fraudulent emails. Fraudsters also use emails to target their victims, creating bogus messages or alerts that look like they’re from Citibank. But these emails include malware hidden in attachments or links to spoofed websites.
Spoofed websites. Hackers create fake websites that look just like the official Citibank login page. If you enter your login information on one of these websites, hackers can use it to access your checking and savings accounts.
The bottom line: Citibank will occasionally contact you via emails, texts, or phone calls if they detect unusual activity on your account. But a Citibank employee will never ask for your card PIN, temporary access code, or online banking password.
Example: A Citibank Phishing Email That Almost Worked
Fake fraud alert phishing emails are among the most common tactics that scammers use. Unfortunately, scammers are getting more talented at copying legitimate emails from your bank.
At first glance, you might believe this is an actual email from Citibank. It uses the Citi logo, follows the expected format and structure, and explains a plausible, and panic-inducing scenario.
But if you look closely, there are some things that don’t add up.
Here are warning signs indicating that this email is a scam:
It doesn’t come from an official citibank.com email address. The sender’s name is “Citibank” — but the email address suggests something else entirely. Any email user can change their “from” name to look like the message is coming from an official email address.
The logo is low quality and doesn’t match the email’s formatting. Citibank employs designers that wouldn’t use a poor quality logo in company emails.
The email addresses the recipient as “Customer.” Citibank knows its customers’ names. When the bank contacts you, it will use your name instead of referring to you in a generic greeting.
The message contains bad spelling and awkward phrasing. The email includes incomplete and run-on sentences, as well as strange capitalization (for example, “Account” and “Your” are capitalized inconsistently throughout).
The message creates a sense of urgency. Scammers want you to act without thinking and will contrive stressful situations — such as “suspicious login attempts” and a “limited” account.
🛡 Get award-winning digital security and identity theft protection. Aura’s all-in-one solution protects your most sensitive information and financial accounts from scammers. Try Aura free for 14 days and secure your bank account.
The 8 Latest Citibank Scams To Avoid in 2023
In the United States, fraud victims lost nearly $8.8 billion last year alone, according to the Federal Trade Commission (FTC) [*].
Identity thieves are almost always financially motivated. Here are the most common Citibank scams that you need to be aware of this year:
1. “Your Citi debit card is locked” text message scams
This scam starts with a simple text message claiming that Citibank has temporarily locked your debit card to prevent fraud. But if you click on the link, you’ll be taken to a spoofed Citibank website that steals your login information.
How to spot and avoid this scam:
Always double-check fraud alerts before responding to them. Your first step should always be to attempt to log in to your Citibank account, either through your mobile banking app or the official Citi.com website — not by using the link in the text message.
Check the shortcode from which the message was sent. Citibank will never text you from a standard 10-digit telephone number. Official text messages from Citibank about fraud will only come from its five-digit shortcode: 95686 [*].
2. Tech support scammers taking control of your Citibank account
Fraudsters often impersonate tech support agents, either from Citibank itself or other trusted companies like Best Buy, Microsoft, or Apple. In these scams, you’ll be contacted directly about a fake problem with your bank account or you’ll receive a pop-up message in your web browser telling you to contact tech support.
But once on the phone, the scammers will convince you to download remote access software like AnyDesk, which gives them full access to your device — and potentially your bank account.
In one example, a New York woman called the phone number in a pop-up alert and was connected to someone claiming to be from Citibank IT support. While on the phone, she received legitimate-looking Citi ID codes to her phone and was told to change her password. The next day, her account was missing $35,000 [*].
How to spot and avoid this scam:
Never click on links included in pop-up alerts. If an alert instructs you to log in to your account, navigate manually to your account by typing the web address into your browser. Don’t use incoming links to navigate to any banking-related websites.
Don’t call numbers in texts or pop-ups about issues with your account. Pop-ups and text messages are both easy to spoof. If you have to contact Citibank tech support, use one of the phone numbers on the official Citi.com website.
3. Phishing email scams asking you to verify personal information
This scam uses spoofed emails to trick you into thinking your account has been suspended — and then asks you to provide sensitive information to have it reopened.
But any information you provide — either by clicking on a link or downloading an attached form — goes straight to the scammers.
A new variation of this scam tries to get you to give up your one-time PIN access code as well, granting scammers access to your account, even if you have two-factor authentication (2FA) enabled [*].
How to spot and avoid this scam:
Always verify whether your account is really “suspended.” If you have Citibank’s mobile app installed, you can log in to quickly check if your account is safe. Make sure you log in using a secure app, or by manually typing the address into your web browser.
Don’t buy into the urgency. If Citibank really does limit or suspend your account, it’s to prevent scammers from accessing it. Your money is safe with the bank, and there is no need to act quickly to avoid losing any funds.
⚡️ Get warned before you click on phishing links. Aura’s award-winning digital security solution can warn you if you’re on a fake website and about to give scammers your sensitive information. Try Aura free for 14 days.
4. Fake high-yield bond investment opportunities from Citibank
Scammers know you’re more likely to trust them if you reach out to them first. In this scam, fraudsters pose as government bond investment experts from financial institutions like Citigroup, JP Morgan, and Wells Fargo. But any money you “invest” with these scammers disappears, or will suddenly be subject to bogus taxes and fees.
Government bonds are especially attractive for older, high net-worth individuals who are familiar with finance. Scammers impersonating wealth advisors may have in-depth knowledge of bond markets and other financial instruments, making it hard to catch them in a lie.
How to spot and avoid this scam:
Verify the identity of advisors and brokers. Make sure you can contact advisors via the official telephone number of the institution they claim to work for. Look for independent, third-party evidence that your wealth advisors are who they say they are.
Work with brokers you can visit in person. Never send large sums of money to any brokers without meeting them at least once, in their office, at the official headquarters of the institution for which they claim to work.
5. Scammers spoofing the Citibank fraud department’s phone number
In this scam, victims receive a phone call that appears to be from Citibank’s fraud department (using a spoofed phone number to look legitimate on Caller ID). On the phone, scammers claim there’s an issue and then ask to “verify” their victim’s identity by asking for sensitive information, such as a Social Security number (SSN) or bank account number.
This is especially sneaky because legitimate fraud specialists would also need to verify your identity before talking about your account’s security.
How to spot and avoid this scam:
Hang up and call Citibank’s fraud department directly. Don’t disclose information to anyone who calls you. Instead, hang up and call back Citibank using the phone numbers listed in the company’s onlineSecurity Center.
6. SIM swap scams that give scammers access to your Citibank account
Two-factor authentication (2FA) is one of the best methods to protect your Citibank account. But if you receive your 2FA codes via SMS, scammers could target you with a SIM swap scam to gain access to your Citibank account.
In a SIM swap scam, fraudsters impersonate you when they contact your mobile provider. Then, they request a new SIM, which reroutes all incoming SMS messages and calls to their phone. When they try to access your account, the 2FA code goes straight to the phone that they control.
The biggest danger with this scam is that Citibank won’t recognize the fraud. The bank may not accept responsibility for your phone number being stolen, which means it may deny your fraud claims.
How to spot and avoid this scam:
Use an authenticator app instead of SMS. Authenticator apps aren’t tied to your phone number and offer a more secure way to use two-factor authentication.
Secure your phone accounts. Most mobile carriers allow customers to set PIN codes and security questions when making changes to their accounts. You may even be able to ask for call-back verification whenever account changes occur.
Scammers love payment apps like Zelle and Venmo because they’re easy to use and almost impossible to reverse or refund once a transfer has been made.
In these scams, fraudsters start by sending a fake “transfer confirmation” text message. If you try to dispute the transaction, you’ll eventually be told that your Citibank account has been compromised and you need to transfer your money into a “secure account” to keep it safe. In reality, scammers are convincing you to send them your entire savings account.
Zelle scams have become increasingly popular with cybercriminals targeting customers from other banks, such as Bank of America and Wells Fargo.
How to spot and avoid this scam:
Always verify payment notifications on your actual account. Don’t trust SMS messages claiming that you’ve made a payment. Log in to your Citibank or Zelle account the way you usually do (without clicking on any SMS links) and confirm if a payment was really recorded.
Never reply to SMS messages about your bank account. Citibank will never ask customers to confirm or verify any activity over SMS. If you receive this kind of message, it’s always a scam.
8. Robocalls promoting special interest rates or other offers
Scammers use automated robocallers to target tens of thousands of victims a day with fake offers or fraud alerts.
In one particularly insidious scam, fraudsters used robocallers to offer lower interest rates on Citi credit cards — all you needed to do was call back the number and provide your credit card number and other sensitive information which scammers could then use to steal your identity.
How to spot and avoid this scam:
Don’t trust robocalls. Companies need your permission to legally contact you with a robocall. If you don’t recognize the company or weren’t expecting the offer, hang up and report it to the Federal Trade Commission (FTC) atReportFraud.ftc.gov.
Never give up account information to someone who calls you. Whenever you receive a warning about your Citibank account, double-check your account to see if the warning shows up when you log in. Don’t provide credit card information or other sensitive details until you’ve verified the caller and what they’re saying.
Did You Send Money or Give Information to a Scammer?
Check your Citibank account for signs of fraud. Log in to your Citibank account by using the mobile app or official website and check for suspicious activity on your account. If you can’t gain access to your account, it could be hacked. In that case, choose the “Forgot User ID or Password” option from the login screen.
Contact Citibank’s “Identity Theft Solutions” team. Citi operates multiple fraud hotlines to help customers respond to identity theft. Notify the bank quickly so that you can act before your account is compromised.
“Quick Lock” your debit or credit card. Citibank customers can lock their cards directly from the Citi website and mobile app. This instantly prevents scammers from using your card to make payments or withdraw money.
File an official identity theft report with the FTC. If you think your personal information has been compromised, file an official identity theft report with the FTC at identitytheft.gov. This report is extremely helpful when disputing fraudulent charges and recovering from identity theft.
Dispute any unrecognized charges. Check your bank account for unrecognized charges and dispute each one. If you have an identity theft report from the FTC, you can present it to Citibank and request that fraudulent charges be dropped.
Freeze your credit with all three credit bureaus. Credit freezes prevent scammers from using your identity to open new accounts in your name. You’ll have to request a credit freeze from each of the three major credit reporting bureaus individually — Experian, TransUnion, and Equifax.
Report any future phishing messages to Citibank. You may receive additional phishing messages and fraudulent alerts over time. Make sure you report every new message to the fraud specialists at Citibank by contacting the Citi Security Center.
Consider signing up for identity theft protection with credit monitoring. Aura provides award-winning financial safety to customers by protecting them against identity theft and credit card fraud. Sign up for round-the-clock credit monitoring and 24/7 access to U.S.-based Fraud Resolution Specialists.
🥇 Don’t settle for second-best protection. Aura’s all-in-one intelligent safety solution has been rated #1 by Money.com, Tech Radar, Forbes, USA Today, and more. Try Aura free for 14 days and safeguard yourself against scammers.
How To Protect Your Bank Account From Cybercriminals
It takes more than a strong password to protect your bank account from professional scammers.
Here’s how you can help shield yourself from falling victim to Citibank scams:
Don’t give out account numbers, passwords, PINs, or one-time-use codes. Legitimate Citibank employees will never ask for this information. Anyone who does is trying to hack your bank account.
Make sure your Citibank account password is unique and includes a combination of upper and lower case letters, numbers, and symbols. Reused passwords may be exposed indata breaches. If hackers find your passwords in a breach, they will try to use them on other platforms, including your bank.
Enable two-factor authentication (2FA) using a secure authenticator app. Don’t use vulnerable authentication methods like SMS. Authenticator apps like Google Authenticator are much more secure.
Secure your Citi Mobile App using Touch or Face ID. Biometric authentication is much harder for hackers to bypass without direct access to your phone.
Never click on links in unsolicited emails or texts. If you want to visit a website, type the URL manually into your web browser instead.
Always verify information in texts, calls, and emails. If there is really an issue with your account, Citibank will let you know the moment you log in or speak to an employee.
Always log in to your Citibank account by using the secure mobile app or by typing the URL directly into a web browser. This ensures that you are interacting with the legitimate Citibank website – not a spoofed login page.
The Bottom Line: Keep Criminals Out of Your Citibank Account
Sometimes, being diligent and asking questions aren’t enough to stop a scammer. When it comes to the most sophisticated scams, it takes constant monitoring to keep fraudsters away from your money.
Aura can give you peace of mind by protecting you and your accounts from scammers.
As an all-in-one digital security solution, Aura combines real-time credit monitoring and fraud alerts with safe browsing capabilities and a $1 million insurance policy against costs incurred by identity theft. Let Aura safeguard your bank account so that you can save and spend securely.
Editorial note: Our articles provide educational information for you to increase awareness about digital safety. Aura’s services may not provide the exact features we write about, nor may cover or protect against every type of crime, fraud, or threat discussed in our articles. Please review our Terms during enrollment or setup for more information. Remember that no one can prevent all identity theft or cybercrime.
Is this article helpful so far?
Yes
No
Skip
Need an action plan?
No items found.
Is your child ready for a cell phone? Take this quiz to find out.