How To Spot a Citibank Phishing Email (With Examples)

How Do You Know If an Email From Citibank Is Legitimate?

Last year, the cybersecurity firm Bitdefender observed thousands of bogus emails sent to Citibank customers [*]. The goal: dupe bank customers to reveal their login credentials — then access their accounts, and steal their money.

It’s true that scammers are getting more and more sophisticated in their phishing tactics; to an untrained eye, “name@citi.gold-wealth.com” may pass off as a legitimate Citigroup domain.

But falling for these types of phishing scams can have real, devastating consequences. According to the Federal Trade Commission (FTC) [*]:

Over 270,000 Americans were victims of email scams last year, with losses of more than $422 million.

In this guide, we’ll explain what Citibank phishing emails are, how to spot them, and what you should do to protect your account and identity if you’ve mistakenly interacted with one of these emails.

{{show-toc}}

What Is a Citibank Phishing Email?

Unrelenting scammers find out where you bank and then use various methods to target you — via texts, phone calls, emails, and even traditional direct mail.

Citibank phishing emails are scam emails that claim to be from the bank, but are actually sent by imposters using spoofed or accessible domains. 

These emails usually elicit sensitive information such as account details and Social Security numbers (SSNs), or urge you to transfer money to external accounts for various reasons.

Engaging with these email messages in any way can have debilitating repercussions.

• You could accidentally give up access to your online banking account. Many phishing emails steal your login credentials by sending you to fake websites that look like the official Citibank login page. Upon entering your account number and password on such spoofed domains, scammers are able to siphon this information without your knowledge. 
• You could download a malware or virus-laden attachment. Sometimes, cybercriminals use phishing email links to hide viruses and malware. They want to trick you into clicking on these links, which could give them unbridled access to your data and computer.
• Scammers could trick you into sending them your savings. Hackers often use bank phishing emails to warn you that someone is trying to access your account. They’ll insist that you act quickly and send your money to an external account so as to “keep your funds safe.” Once you’ve sent the money, it can’t be recovered.

The bottom line: Scammers are almost always financially motivated — and the use of phishing emails is an attractive strategy for cybercriminals to gain access to your funds.

📚 Related: How To Spot & Avoid Credit Card Skimmers [7 Steps] →

Example: A Citibank Phishing Email That Almost Worked

At first glance, the “From” name — Citibank Business — looks believable. If you regularly schedule payments from your checking account, the email below might not raise alarms (especially if you don’t know the last four digits of your account number off the top of your head).

Here are a few ways you can tell that this email is fraudulent:

• The “From” name is “Citibank Business” but the message isn’t from an official Citibank domain. Anyone can change an email “From” name to look like it’s coming from Citibank or any other bank. However, the sender’s actual email address isn’t from an official Citi.com domain.
• It includes strange phrasing and grammatical errors. Official Citibank emails are proofread before they’re sent to customers. Unnatural phrasing, incorrect spelling and punctuation, and mangled capitalization are all causes for concern.
• The link takes you to a suspicious domain. If the link is excessively long with unusual letters and numbers, it probably leads to a fake website. Official Citibank links should start with “https://www.citi.com/.”
• There are no additional contact methods provided. Scam emails typically avoid listing other contact methods, as the goal is to get you to either click on a link in the email or reply to it directly. Official Citibank emails, on the contrary, generally include a phone number.
• It uses potentially leaked personal information to appear genuine. Scammers often use leaked personal information, such as the last four digits of your accounts numbers, to appear trustworthy. Even if your account numbers haven’t been leaked, cybercriminals may use a randomized set of numbers in hopes that you won’t notice the discrepancy.

📚 Related: How To Quickly Identify Phishing Emails (13 Warning Signs) →

The 5 Latest Citibank Phishing Email Scams

Here are five of the latest Citibank phishing email scams to be wary about:

1. Your Citibank account is suspended
2. Unauthorized charges on your Citibank card
3. Notifications for large prizes or compensation
4. A new Citibank account in your name
5. Scheduled payments from your Citibank account

1. Your Citibank account is suspended — until you verify personal information

Scammers dangle the looming threat of losing your account to try and deceive you into clicking on links without exercising caution. These scams claim that there’s an issue with your Citibank account — such as successful unauthorized login attempts, or missing personal information.

If you click on the link to rectify the issue, you’ll be taken to a look-alike website; and any information that you submit will go straight to the scammer.

How to spot (and avoid) this Citibank email scam:

• Check the status of your accounts directly — not via links in emails. If you’re concerned about a supposed problem with your account, always log in to your Citibank account directly or call the number on the back of your card. Never click on links in emails or text messages.
• Make sure any link you click on takes you to the official “Citi.com” website. Some links may appear legitimate but are actually deceptive text links. Hover over links to reveal the full URL, and make sure they’re actually Citi links.
• Watch for vague language. Citibank should be able to tell you exactly what issue led to your account being suspended. If an email leaves out this information, it’s a red flag indicating that you’re dealing with  scammers.

2. There has been an unauthorized charge on your Citibank card

This scam starts with an email claiming that there’s been an unauthorized charge on your Citibank card. For authentication, you’ll be asked to click on a link to verify the transaction.

When you click on the link, you’ll most likely be taken to a spoofed Citibank website. Any information you enter here to log in will be harvested by scammers.

How to spot (and avoid) this Citibank email scam:

• Check your transactions by contacting Citibank directly. If you’re worried about an unauthorized or suspicious charge on your account, call the number on the back of your card.
• Make sure you’re on the official “Citi.com” website. Before you begin logging in, check that the website URL starts with https://online.citi.com or https://www.citi.com. Next, locate a security lock icon in the address bar of your browser. Finally, look for official branding. The Citibank U.S. website should display the official Citibank logo along with consistent design that you also see on Citibank credit cards, bank statements, and marketing materials.

3. Notifications for large prizes or compensation

Cybercriminals contrive large rewards that don’t exist to lure in victims and then try to convince them to disclose their account details. These scams typically claim that you’re a prize winner or beneficiary of some kind.

Once you reply to the email, you’re asked for your account or credit card numbers in order to release the alleged prize money. In reality, the thieves will just drain your bank account.

How to spot (and avoid) this Citibank email scam:

• Check to see if the email is actually addressed to you. Cybercriminals send an influx of generic emails at once in order to find one obliging victim. If you’re addressed by words such as “Beneficiary,” “Account Holder,” or “Member” — rather than your name — it’s probably a scam.
• Ask yourself if the email sounds too good to be true. Scammers invent fake rewards comprising large amounts of money or valuable gifts to trick unknowing victims into sending their account information. If the reward sounds far-fetched, then it’s most likely a scam.

4. A new Citibank account has been opened in your name

This scam tends to be drawn out over time, but has near-permanent consequences once it succeeds. First, a scammer reaches out to you via phone or email purporting to be a debt consolidation or debt settlement company. They offer to transfer all of your debt into one account so that you can pay it off faster.

With the information you give them, they open a new Citibank account in your name — and you might not find out about it until months later, when you receive a notification about missed payments or a dwindling credit score.

How to spot (and avoid) this Citibank email scam:

• Seek advice from a financial advisor first. If you need to look into consolidating your debt, a financial advisor will be able to direct you to accredited financial institutions with verified products and offers.

📚 Related: Credit Repair Scams: New Scam Types & How To Avoid Them →

5. You scheduled a payment from your Citibank account

This is a tactic scammers use to get you to click on a link that is infected with malware. They play on your panic by sending you a notification claiming that you have a large outgoing payment pending in your Citibank account.

If you click on the link to see transaction details or verify that you actually made the payment, your device will be infected with malware.

How to spot (and avoid) this Citibank email scam:

• Log in to your Citibank account to confirm your account numbers. Scammers often use fake account numbers to make their emails seem realistic. Log in to your account without clicking on any of the links in the email, and verify your account numbers before you take action.
• Consider whether the transaction makes sense. If a supposed payment is listed as both a “debit” and a “credit” (like in the email above), you can automatically assume it’s fake — these two transaction types cancel each other out.

📚 Related: How To Identify Amazon Email Scams (Before You Lose Money) →

Did You Open or Click on a Link in a Phishing Email? Do This

If you clicked on a link in a fake Citibank email or opened a phishing email, you need to act quickly. Here’s what you can do to minimize any damage:

• Contact Citibank. Reach out to Citibank via its Security Center. Citibank has two different phone numbers listed — 1-800-950-5114 for credit card fraud and 1-888-248-4226 for debit card fraud. Representatives will help you determine next steps — they will likely cancel any cards that you have and issue new ones.
• Report the phishing email. Send the suspicious email to spoof@citi.com as an attachment. Avoid forwarding it directly — this makes it more difficult for them to properly investigate. Once you’ve sent the email, it’s best to delete it from your inbox.
• Secure your Citibank account. Change your Citibank password, review your transaction history, and enable account alerts. If you use the CitiManager mobile app, set up Biometric Login which allows you to sign in via your fingerprint or facial recognition rather than your password.
• Run your credit reports. Whenever there’s a chance that your financial information is compromised, obtain and review your credit reports. If you see any activity that wasn’t initiated by you, you can freeze your credit with each of the three bureaus — Experian, TransUnion, and Equifax.
• Scan your devices for malware. Hackers sometimes use links in phishing emails to hide malicious software. Make sure to run an antivirus scan, ideally on all of your devices. Aura’s antivirus tool scans each newly downloaded file for malware.
• Check and secure your other accounts. If you have other financial accounts and social media accounts with the same password as your Citibank password, scammers might be able to commandeer those, too. Create unique passwords for every account, and use a password manager to keep track of them.
• Secure your identity. To prevent further damage and protect yourself from future Citibank scams, consider signing up for an identity protection provider. Services like Aura continuously monitor your personal information and protect your devices.

How To Protect Your Bank Account From Scammers

Citibank phishing emails, like most other phishing scams, go unnoticed because most users access their accounts on their phones. Such scam pages increasingly feature security features — Transport Layer Security (TLS) certificates — that you would only expect from real websites.

Remember these additional measures that you can take to keep your Citibank and other online accounts safe:

• Use secure and unique passwords for every account. Avoid storing passwords anywhere other than in a secure password manager.
• Enable two-factor (2FA) or multifactor authentication (MFA) on your accounts.
• Never reveal passwords, PINs, or one-time use codes (OTPs). Also consider securing your Citibank account with a security word and security questions.
• Sign in to your Citi accounts with facial and fingerprint authentication. Go to your Citi Mobile App and then to Profile > App & Security on your iPhone or Android device to get started.
• Always check that emails and other communications come from official channels — @citibank.com or @citi.com — or from actual people.

Managing this on your own can be overwhelming. Subscribing to an identity protection service like Aura simplifies the process.

Aura’s all-in-one solution helps safeguard your bank accounts and identity by vigilantly monitoring your data 24/7. 

Every Aura plan comes with three-bureau credit monitoring, Safe Browsing tools, bank and transaction monitoring, round-the-clock U.S.-based customer support, and $1 million in identity theft insurance coverage.

Keep your bank account safe from scammers. Try Aura free for 14 days.