- Security Center Home
- Protect Yourself from Fraud
Protect Yourself from Fraud
Identifying fraud early is paramount
Citi's Fraud Early Warning reviews your accounts for fraudulent activity, free of charge. You can help protect yourself from fraud by familiarizing yourself with the many ways in which fraud can appear in your account, email, phone, or your computer.
Make account check-ins a habit.
Nobody knows your accounts better than you. That's why monitoring your account activity is one of the best ways to help protect yourself against fraud.
Review your account information
Sign on at least once a week and review your account information. If you notice any changes to your account that you didn't make, contact us immediately. It's important to let us know when your email address or phone number has changed. You can view and update the information we have on file for you by signing into your account.
Reassess who has account access
Regularly review who has access to your account to ensure any authorized users are current. This is especially important for business accounts.
Look over your transactions
Review your bank and credit card unbilled transactions regularly to make sure these only reflect transactions you have made. If you spot a problem, contact us immediately. You can also temporarily lock your account using the Quick Lock feature, to help prevent further potential unauthorized usage.
Set up Account Alerts
Get alerts delivered to your mobile phone so you can stay updated on your account activity. Set up Account Alerts
Check your credit report regularly
Make sure all the accounts listed are ones you've created, so you can minimize the damage to your credit score. For a copy of your credit report, contact one of the three major credit reporting agencies. (Experian: 1-888-397-37421 8 8 8 3 9 7 3 7 4 2; TransUnion: 1-800-916-88001 800 9 1 6 8 8 0 0; Equifax: 1-800-685-11111 800 6 8 5 1 1 1 1)
Keep your identity where it belongs—with you.
Learn how to spot the signs of identity theft and steps you can take to ensure your identity remains protected.
-
What is identity theft?
It's when someone obtains essential information about you—such as your social security number, date of birth, and mother's maiden name—and uses it to open a credit card, bank accounts, loans and even mortgages in your name.
-
How to protect yourself
Make your User ID and Password as secure as possible
A good password is paramount to your security. Avoid using a password or a variation of a password that you already use on another website. Also, avoid using any variation of your name, or names of family members or pets, as these can sometimes be found on social media. Focus on length and complexity. Adding a "1" or a "!exclamation mark" to the end, or substituting "$" for "S" are combinations that are easily hacked — increase complexity to better protect yourself.
Don't send sensitive information via email
Never e—mail your password, account number, social security number or other sensitive information to anyone.
Never leave your computer unattended
Complete your banking tasks and end your web sessions by always signing off.
Be careful how much personal information you post online
When visiting social networks, remember that sharing information like your birth date, phone number, email address, location and photos can put your identity at risk.
Never write down PINspins and passwords
Memorize them instead. Writing your PIN on your debit card enables anyone in possession of it to access your account — do not write it down anywhere, especially not on your card. For your security, you should change your ATM PIN periodically.
-
How to spot identity theft
Identity thieves can strike even if you've been very careful with your personal information. Some hints of identity theft may include:
• Failing to receive bills or other mail.
• Receiving cards or billing statements on accounts for which you did not apply.
• Receiving calls from debt collectors or companies about merchandise or services you didn't buy.
• Noticing a sudden drop in your FICO score.
If you think you may be a victim, you can obtain a copy of your credit report from each of the three major credit reporting agencies (Experian: 1-888-397-37421 8 8 8 3 9 7 3 7 4 2; TransUnion: 1-800-916-88001 800 9 1 6 8 8 0 0; Equifax: 1-800-685-11111 800 6 8 5 1 1 1 1). If it's accurate and includes only those activities you've authorized, chances are no one has attempted to open accounts in your name. You will not be liable for transactions made with Citi consumer credit or debit cards relating to accounts opened in your name without your authorization.
-
Terms to know
Credit Monitoring
Credit monitoring services track activity on your credit reports at one, two, or all three of the major credit reporting agencies. If you identify activity that might result from identity theft or a mistake, you can take steps to resolve the problem before it grows.
Fraud Alert
A fraud alert puts a red flag on your credit report which requires businesses to take additional steps, such as contacting you by phone, before opening a new account.
Security Freeze (also known as Credit Freeze)
A security, or credit, freeze allows you to restrict access to your credit report, making it difficult for others to open accounts using your identity. Fees vary based on where you live but commonly range from $5dollars -to $15dollars per bureau. The cost to lift a freeze varies by state.
More information about identity theft can be found on the FTC Website.
If your identity is ever stolen, use the free services offered by our Citi® Identity Theft Solutions specialists to help reestablish your credit.
Spot spoof emails, and text wisely, and safely.
Several signs can help you determine if an email is legitimate or a spoof. Learn how to recognize and protect yourself from fraudulent emails.
-
What is a spoof email?
Spoof emails (also known as phishing or hoax emails) appear to be from well-known companies. To bait you, an email may say there's an urgent situation concerning your account, then ask you to click a link back to a spoof website to provide personal information.
Even if you don't supply any information, just selecting the link may enable thieves to access your computer, record your keystrokes, and capture your passwords.
Also, beware of spoof web forms that ask you to provide confidential information that a legitimate company would not ask the customer to enter for a particular transaction.
-
What is a spoof website?
A spoof website is one that mimics a popular company's website to lure you into disclosing confidential information. To make spoof sites seem legitimate, thieves use the names, logos, graphics and even code of the real company's site.
They can even fake the URL that appears in the address field at the top of your browser window and the padlock that appears in the lower right corner. The links in the spoof emails almost always take you to a spoof website.
-
What is a spoof web form?
A spoofed web form is one that is injected by malware and rendered by your browser after you sign on to the company's site asking you to provide confidential information. These spoofed web forms seems legitimate since they use the same logos and graphics of the real company's site. Spoofed web forms can be recognized since they ask you to enter extra confidential data that the company's legitimate form won't ask the user to enter for that transaction.
-
How to spot a spoof
Sense of urgency — Messages claim your account will be closed or temporarily suspended, and warn you'll be charged if you don't respond.
Spelling errors — There may be obvious spelling errors, which help spoof emails avoid spam filters.
Below is a sampling of fraudulent emails that have been reported to Citi:
Your Citibank Account is Under Review
Alert: Deactivation On Your Citi Bank Account In Process
Suspicious Account Activity Reference cYy3MOp 207.188.72.146
-
Citi's email security practices
What we do
Include either the last 4 digits on your ATM/Debit or Credit Card or the last 4 digits of your specified bank account number:
Send you emails with links to features such as online tours and information or promotions about Citi products. These links are only for convenience and you can always type in our URL directly.
-
How to protect yourself
Go directly there — The best way to get to any site is to type its address (URL) into your browser and then bookmark it.
Do not provide your User ID, security word, PIN number, password or other personal identifying information in an email.
Set up a login cookie — Some sites like Citibank.com let your computer remember your User ID. This way, when you return to the site from an email to sign on, your User ID will be visible in the sign on box. A spoof, or fake, website will not be able to display your User ID. (Never use the Remember Me feature on a public or shared computer.)
-
Report a spoof
If you suspect that you've received a fraudulent email message, please forward it to us. Don't change or retype the subject line, as this makes it more difficult to properly investigate. After forwarding the email, you should delete it from your inbox.
• Forward suspicious emails to: spoof@citi.com
• You may also want to forward it to the Federal Trade Commission at: spam@uce.govspam@U C E.gov
• Or contact them at: www.consumer.gov/idtheftwww.consumer.gov/id theft, 1-877-IDTHEFT1 8 7 7 id theft
Email us immediately at spoof@citi.com if you have responded to an email with personal information and believe it to be fraudulent.
Before you respond to any text message, learn how to distinguish a genuine text from a "SMiShing" message that may have been sent by a scam artist.
-
What is SMiShing?
Named for SMS (Short Message Service), the technology used for cell phone text messaging, SMiShing messages appear to be from a legitimate company and typically contain a link that takes you to a spoof website or asks you to call a phone number. Even if you don't enter any information, selecting the link can lead to other problems, such as installing key logging software or dangerous viruses on your phone.
Key logging: This is another method used to capture your personal information. Here's how it works. You click on a link to a website or open an attachment that secretly installs software on your computer. Once installed, it records everything you type, including any User IDs, Passwords and account or personal information. Thieves know how to retrieve this information, or even set it up to automatically have it sent back to them! This is a very real risk when using public or shared computers such as those in internet cafés.
You should also watch out for SMS (plain text) and MMS (multimedia) message headers that start with the number 19. If you respond to them, you'll be charged a premium rate that can leave you saddled with a huge cell phone bill. Some mobile service providers in conjunction with anti-virus companies offer phone based anti-virus software designed to protect your phone.
-
How to spot SMiShing
Requests to renew your bank service — The message may say your banking web service has expired, and to renew it you need to select an enclosed link and visit your bank's website where you can update your account information.
Impending charge notices — The text usually states something to the effect that you will be charged a certain amount per day if you don't call to cancel.
-
How to protect yourself from SMiShing
Avoid selecting links in unsolicited text messages — Instead, go directly to the company's website and fill out information there.
Don't respond to unknown numbers — If you miss a call on your mobile device or receive a text message from an unknown number, it's safer to ignore the call or delete the message. If you're suspicious about a banking phone number received via text message, you can always call the toll-free number on the back of your credit or debit card instead.
Set up blocking features — Check with your wireless phone company to see if they offer the option to block certain types of text messages.
Get on the Do Not Call List — Register your wireless number with the national Do Not Call List. Either sign up online at www.donotcall.gov or call 1-888-382-12221 8 8 8 3 8 2 1 2 2 2.
Install software with discretion — Only install software from reputable companies or from providers you trust.
-
Report SMiShing
If you suspect that you've received a fraudulent text message, please forward it to us. After forwarding the text message, you should delete it from your device.
• Forward suspicious texts to: spoof@citi.com
• You may also want to forward it to the Federal Trade Commission at: spam@uce.govspam@U C E.gov
• Or contact them at: www.consumer.gov/idtheftwww.consumer.gov/id theft, 1-877-IDTHEFT1 8 7 7 id theft
Email us immediately at spoof@citi.com if you have responded to an email with personal information and believe it to be fraudulent.
-
What is Vishing?
If you use Voice over Internet Protocol (VoIP)—such as Vonage® or Skype™—be on guard for calls that play a recording claiming your credit card or bank account has had unusual activity, and give you a phone number to call. This is called Vishing and is a type of Internet phone scam. When contacting Citi always use a trusted number, like the one on the back of your card. But remember, this threat is not dependent upon using VoIP. Any phone service can be used for this.
Visit www.onguardonline.gov to get additional security tips
There are simple things you can do when using your debit and credit cards to help prevent fraud.
While all Citibank® consumer Debit Card and Citi® consumer credit card members have $0 liability for unauthorized charges, taking steps to protect yourself from potential fraud is easy and will be worth it in the long run.
Common types of debit and credit card fraud
- Card duplication which allows for most types of unauthorized purchases.
- Card not present transactions - unauthorized purchases over the internet, phone or mail resulting from a lost or stolen credit or debit card or card numbers.
- Identity theft which can often result in new credit accounts opened fraudulently.
- Account takeover in which a fraudster assumes your identity on your existing card/account.
- Fraudulent electronic money movement transactions.
How to protect yourself
Below are some precautions you can take to safeguard yourself and avoid becoming a victim of debit or credit card fraud:
- Don't let your debit or credit card out of your sight during a point-of-sale transaction.
- Always take your debit or credit card with you at the end of any transaction.
- Review your statements every month. Check for any suspicious transactions and report them immediately.
- Sign the back of your debit or credit card on the signature panel as soon you receive it.
- Report lost or stolen cards immediately.
- Never give out your debit or credit card number or personal information over the phone unless you initiated the call and verified who you are dealing with. The only time Citi will ask for your account password is when you contact us. Citi will never ask for your PIN.
- Report any mobile phone issues (not being able to make calls, send texts, etc...) to your mobile phone provider to ensure a fraudster has not taken over your mobile phone number. Contact us immediately if there are any unusual activities on your mobile phone account.
Tips on how to identify a potential scam
If someone sends you a check or money order, then asks you to deposit the item into your account and wire transfer money out of your account, requests money using your credit or debit card number or asks you to purchase gift cards to send them, please be careful — you may become a victim of a popular scam.
-
How does a financial scam work?
A financial scam usually occurs when you are selling merchandise or chatting online. However, other variations of the scam include:
• Receiving overpayment for an item you placed for sale on the Internet
• Receiving notice that you have won a foreign lottery or sweepstakes
• Promise of receiving a percentage of money for transferring funds to your own bank account for safekeeping, usually from outside the USA
• Notice of receiving an inheritance from a recently deceased, distant relative, and you did not know this person or of his/her death
• Receiving unsolicited emails, faxes or letters requesting an immediate response
• Being asked to cash a check/money order or to allow transfer of funds to your account, and then offered to keep a percentage of the funds
Regardless of how this is presented to you, all scams involve you being contacted by individuals who state that they will forward a check to you. After the check is deposited, you may be contacted and possibly told an elaborate story, which leads to a request that you wire transfer back all or some of the money. After you withdraw or wire the money from your account, the item you deposited is returned to the bank because it is counterfeit. At that point, the full amount of the check will be deducted from your account.
Additional financial scams can occur when you are on your computer or someone calls you directly. Here are some variations:
• You click on a pop-up message that says your computer has a virus and you need to pay to fix it and they request your card number for payment
• You receive a phone call and you are told that you owe back taxes and can pay them by purchasing gift cards from online merchants and you must send the gift cards to them
• You receive a phone call and you are told a relative has been put in jail and you can get them out by sending them gift cards or bit coins
To avoid becoming a victim of fraud, stop and ask yourself: Why would someone send me money to which I am not entitled? Why would I wire funds to someone I met over the Internet?
-
Who is responsible if there is a loss to my account?
As always, you are responsible for any transactions you initiate, including with your debit or credit card, or deposits into your account. Only you can determine if the transactions and/or merchants are truly reasonable and legitimate. Please be careful of any arrangements for funds to be sent to you, especially when you do not really know the other party. If a check or money order is counterfeit or is returned unpaid for any reason, you are fully responsible for any loss that may be incurred. In most cases, the bank can subsequently charge your account(s) to recover the funds. If there are insufficient funds, you are responsible for covering the repayment to the bank. This may result in collection or litigation activities. Please refer to the Citibank Client Manual for more information.
-
Why did Citi allow me to make this transaction?
Federal law requires banks to make deposited funds available to you, usually within 1 to 5 business days. The fact you can withdraw cash from your account shortly after depositing a check or money order does not necessarily mean the item you deposited will be paid by the maker's bank. Counterfeit checks and money orders can sometimes take weeks to be discovered and returned to your bank unpaid.
-
Is it possible for Citi to determine if a check, money order, transaction, or merchant is legitimate or not?
Citi continuously monitors your account for suspicious activity, but cannot always determine if a personal check, a cashier's check or money order, including the maker's endorsement, is valid or counterfeit. Today's technology helps the fraudster produce counterfeit items that look legitimate. That is why you need to 'know' who is giving you the items and that the transaction is reasonable.
Additional information on scams can be found at https://www.consumer.ftc.gov/scam-alerts or www.onguardonline.gov.
Contact your local police department immediately if you believe you have been a victim of fraud or have either received a call or responded to an email received from someone who you now believe was trying to perpetrate fraud.
Citibank customers with questions about their accounts, including transactions on them, should call Customer Service at 1-800-285-17091 800 2 8 5 1 7 0 9, option 1. Representatives are available to assist you Monday through Friday 7:00 AM to 11:00 PM ET and Saturday and Sunday 9:00 AM to 5:30 PM ET.
Choose Your Country or Jurisdiction
Get Citibank information on the countries & jurisdictions we serve
Important Information
You are leaving a Citi Website and going to a third party site. That site may have a privacy policy different from Citi and may provide less security than this Citi site. Citi and its affiliates are not responsible for the products, services, and content on the third party website. Do you want to go to the third party site?
Citi is not responsible for the products, services or facilities provided and/or owned by other companies.