While the internet and the digital technologies have made our lives much easier, they may also pose some threats. As your bank, we want to raise your security awareness and share some recommended measures that will help you protect yourself and your money while banking.
Do you use classifieds websites? Beware of scammers who send links via SMS or Messenger and WhatsApp leading to fake websites that look like classifieds websites. Through these websites, fraudsters encourage you to log into online banking or enter your payment card details. They say that this is the only way to receive payment from the buyer.
We warn you against e-mail correspondence allegedly from the Ministry of Finance informing about tax refunds. By clicking on the link, the addressee is transferred to a fake page where, in order to get a refund, he must provide all his card details. In this way, fraudsters obtain all the information necessary to carry out a transaction using the addressee's card. Do not be deceived, do not click on the attached links, do not provide any information about yourself and your banking products.
Recently, the banks’ clients, including the clients of Citi Handlowy, have reported some cases where fraudsters call them purporting to be a bank staff officer. They speak Polish but with a foreign Eastern accent and they know your data such as your full name, address, phone number and the last digit of your credit card. They urge you to install software that will enable them to take remote control of your desktop or they ask you to provide your bank login credentials.
There has also been another scenario in which the fraudsters call you to inform you there was a suspicious bank transfer into your account asking you to provide them with your card details or logon credentials.
Please remember that no bank will ever ask you to install any software or provide any sensitive data such as your card details or logon credentials.
Recently, on the Internet and on social media you can come across advertisements of many investment companies and platforms, including investment brokers offering cryptocurrency or Forex trading. Before you decide to invest your savings in a given fund or broker, first find out more about it and verify such company in the register of the entities of the Polish Financial Supervision Authority or check whether such company is listed in the public warnings register. You can also read opinions of other investors about the company. Note that lack of information on the Internet is a warning sign.
Profit that is disproportionately high against similar offers in the market or obtaining high profits from cryptocurrency or Forex trading is also a red flag. It is recommended to choose funds offered by renowned financial institutions.
Under no circumstances should you grant remote access to your devices (computer, phone, tablet) to anyone or install any software that could give anyone remote access to your device. Do not share any confidential data such as logins, passwords or one-time authorization codes. Do not share information about your financial situation or products held.
Fraudsters might use appropriate social engineering methods to obtain your funds under false pretenses. Stay vigilant.
WhatsApp users are warned about a new message hoax which could lead to accounts being hacked. If you are a WhatsApp user, you should watch out for fake messages from a family member or friend with a request to provide a verification code. This is how fraudsters take control of your WhatsApp account.
Another WhatsApp scam has also emerged in which an account that pretends to be an official communication source of the WhatsApp technical team asks users to share their verification code. In a third scam that has also been reported, fraudsters try multiple times to log into a victim’s account in order to block it and trick the user into undergoing verification via a phone call.
WhatsApp doesn't ask for any personal information, including verification codes.
Please be reminded that the consultants of the Bank who contact our clients for banking purposes NEVER ask to install any application on your phone or computer.
You should never install any applications that come from unknown sources or consent to any other form of access to your phone or computer. If you are asked by anyone to do so, it is highly likely that it is an attempt to infect your device with malware.
If you receive one of the two following messages, please report it immediately to us.
Clicking the link may result in your login data for the online banking service being taken over.
This message does not come from the Bank, it leads to a false page and is a phishing activity.
Before entering an authorization code sent to your mobile phone, please check if the code is related to the operation you are performing.
A text message with an authorization code includes the type of operation being performed and, where applicable, the beneficiary’s account number or the name of the added defined beneficiary.
Examples of text messages with authorization code:
Recently there have been profiles on Facebook that claim to be from Citi Handlowy and inform about promotions urging potential victims to click on fake links to steal banking login credentials or credit card details.
After you click on the Submit button, you are taken to a fake site, e.g. hxxps://citibank-pl.tk/apps/auth/signin/ which steals your confidential data, e.g. online banking login credentials, credit card details, personal data or passwords.
We monitor such profiles on an ongoing basis and in cooperation with Facebook remove any fake sites. The above site that had appeared recently has been already blocked. Additionally, you should always read carefully the address of the site to which you are directed. Before you enter any information on any website, please make sure the site to which you have been directed is the bank’s site. For more information on how to check this, please visit the following page: https://www.citibankonline.pl/en/safety.html
If you receive suspicious message claiming to be from Citi Handlowy, please inform us of this fact immediately. To find out how to contact us, please go to: http://www.citibank.pl/poland/homepage/english/contact.htm
When you receive an email from Citi Handlowy with the link to the Citibank Online transactional platform, please follow the simple steps below that will help you stay safe:
Recently, malware installed during the production phase has been identified on 4 smartphone models. Removing the malware is possible only by means of special software provided by the manufacturers.
The identified phone models are: Doogee BL700, M-Horse Pure 1, Keecoo P11 and VKworl Mix Plus. For Keecoo P11 there is an updated version available that can remove the malware. The other manufacturers have not issued any software that would make it possible to remove the virus. In the past, there were some similar cases of preinstalled malware on Android smartphones, such as the Android.Triada.231 Trojan identified in 2018 on 40 smartphones.
The malware installed on the phone during the production stage may steal data such as IMEI number, information about location, operator or MAC address. Then, the data are sent to a server and the malware can download and install applications, remove applications or open any URLs in a browser.
We recommend that you avoid using the above-mentioned phone models.
Be vigilant when making online payments. Always carefully check the addresses of websites used to execute transactions. Fraudsters often use the names of and pose as known service providers by creating misleadingly similar websites or placing a so-called overlay on the legitimate website. Thus, they obtain all the data necessary to withdraw your funds from your account or credit card.
For example, the following addresses are seemingly the same:
However, they may lead to two different websites. Sometimes, the difference in the web address is almost unnoticeable, especially on mobile devices (e.g. a comma instead of a dot, any underscores).
You should be especially alert to the following elements:
If anything raises your suspicions, please contact us immediately at (+48 22) 692 2484.
When registering and entering your payment card data in Google Play or another store, please read carefully the terms and conditions of the service provider. Such registration often entails acceptance of any payments made on the user’s account to which the card has been linked (including those made by minors). Moreover, authorization is only necessary for the first transaction, while all the subsequent ones are executed without the security measure, such as an authorization code received on the phone. Let us remind you that Google Play and other accounts enable access and purchase of games and applications. The payment card linked to a Google Play account also makes it possible to make in-game or in-app purchases.
Once again, we’d like to warn you against the most popular scenarios of frauds implementing social engineering mechanisms and to remind you to exercise special care. Despite whistle-blowing campaigns related to such type of crimes carried out by various institutions of public trust, extortion still remains one of the most frequent methods applied by fraudsters:
More often than not, criminals induce their victims to withdraw funds from the bank, to withdraw a deposit, take a loan etc.
Fraudsters instruct their victims not to contact their family or other persons and require immediate action. In their actions, they usually use emotions of the victim, intimidating them or creating a tense atmosphere.
Stay alert.
Recently, scammers have started to place fake QR codes on some ATMs. The codes are placed illegally without the consent of banks and ATM service providers, and are not connected in any way with banking services.
Fraudsters stick the fake codes to bait potential victims and make them scan the codes using their smartphones. Scanning the code activates an SMS PREMIUM service for which a large fee is charged. Additionally, fake QR codes lead to malicious websites that trick the victims into installing malicious software. During the installation, customers are required to key in confidential data such as logins or passwords.
Therefore, you should be extra attentive while scanning QR codes and avoid scanning a code in public places.
What to do if you have fallen victim to the fraudsters?
You should immediately notify your bank and police of the suspected crime.
Recently, you may have received SMS messages that claim to be from the Electronic Platform of Public Administration Services. The SMS informs you that your cash loan application has been accepted and the loan will be disbursed within 60 minutes. You are told that you may cancel your request by clicking on a link, which takes you to a fake site. As a consequence, fraudsters may execute transfers from your account via online banking.
If you receive this kind of messages, please do not click on any links and notify your bank immediately.
Recently, you may have received fake SMS messages that claim to be from a courier company and try to trick you into clicking on the attached link. You are informed that you need to make an additional payment for a delivery. Once you click on the attached link, you are directed to a fake site infected with malware. As a consequence, fraudsters may execute transfers from your account at the time of or after making the additional payment for the courier services.
If you receive this kind of messages, please do not click on any links and notify your bank immediately.
Recently, some fake emails have been reported that are sent by zapytania.wawer@pln.com.pl, claim to be from Bank Handlowy and ask you to open the attached link. They inform you of the completion of an order and the costs of delivery, attaching fake invoices. They try to trick you into visiting a fake website in order to install malicious software on your computer.
If you receive this kind of email, please do not click on any links or open the attached documents. We recommend that you report such emails to us and notify the relevant investigative authorities.
A new, dangerous voice recording application called “QRecorder” is now available in Google Play, targeting Android smartphone users who bank online.
The malware planted in the QRecorder app, Spy Banker, steals online banking login credentials. It can also take over access to your text messages with one-time passwords, gaining access to your funds.
If you installed the malware, we advise you to scan your device using antivirus software. Additionally, we recommend that you uninstall the QRecorder app or restore default settings on your device.
If you detected the malicious app on your smartphone, please change your logon credentials and PIN using another trusted device.
Recently, the Internet users in Poland may have received emails with links to websites claiming to be of various institutions (e.g. companies selling Electronics Home Appliances, utility providers, postal service providers).
These messages and websites contain malicious software or links to such software. The user is asked to click on the link attached to the message to check the status of a shipment or invoice. After clicking, the user is taken to a website that infects his or her computer with a virus. Users may also receive links to fake websites where a false company account number is provided.
To verify whether the email that we have received is phishing, you should check the following:
If you receive this type of message, do not click on the attached links or open the attached documents. If you expect this type of e-mail message (e.g. you have a contract with the energy supplier), we suggest that you find the proper website yourself instead of using links sent in e-mails. The Bank also recommends comparing account numbers on the received invoices (electronic and paper) to avoid transferring money to a fraudulent account.
The new payment method is a kind of immediate payment. It is used by a growing number of Polish service providers (e.g. travel agents) as this form of payment allows them to obtain the money from their clients quickly.
The payment is similar to online payment methods, with the name of your bank being displayed (without its trademark). If you want to use this method, you are asked to provide your online banking username and password. If your bank sends you SMS messages with a one-time password, you are asked to enter the password on the website where you are making the payment. The username and password are sent to the agent, who logs in to your account and transfers the amount to the service provider.
Although the service providers assure that this method is safe, it is not recommended by the bank, as it entails disclosing your sensitive data to a third party, i.e. the agent. The data could be used in the future for unauthorized access to your account.
When using this form of payment, you are asked to:
Additionally, the third party often reserves the right to check your account balance and history.
Risks involved:
We do not recommend using this form of payment. For security reasons, we recommend choosing other forms of payment. Service providers which use the new payment method must also offer their users other payment alternatives.
Recently, intensified attacks on auction website users have been reported. The users are sent e-mails or SMS messages from senders claiming to be potential buyers. In the message, they inform the seller that they have transferred cash for the product. Usually, the transfer is made by a foreign bank. A fake confirmation that the payment is blocked until the product is sent is usually attached to the email. The aim of the attack is to obtain the product without payment.
These messages can also contain malicious software or links to such software. After clicking on the link, software infects your computer with a virus.
When receiving an email from a potential buyer, you should pay attention to the following elements:
If you receive this type of message, do not click on the attached links or open the attached documents. You should not correspond with the potential buyer as mentioned above. If you believe you may have fallen victim to such an attack, you are asked to contact the administrator of the web portal. If you sent your product and did not get payment for it, please contact the law enforcement authorities (Police or Prosecutor).
Please be kindly reminded that in order to take advantage of our offers prepared together with our partners, we will never ask you to provide your debit or credit card details or any other sensitive data. Those who want to sign up for an offer with us are asked to provide only their full name and phone number to be contacted by our representative.
In view of the recent text message scams, we warn you against fake text messages that claim to be from Biedronka or Lidl and are sent in order to steal your debit or credit card details.
The text messages contain a link to a page that informs you of winning a PLN 300 gift card. After clicking on the link in the text message, you are directed to the following site:
Then, after clicking “OPEN THE ATTACHMENT”, you are informed that you have won the Gift Card, and are asked to click the “ACCEPT” button. Once you click on it, there is a message on the screen that in order to protect your personal details, you are asked to answer a few questions.
Next, you are asked to acknowledge that you want to collect the gift card by entering your email address and password. Finally, there is a contact form in English displayed on the screen where you are asked to enter your debit or credit card details. If you provide the details, your card will be debited with the amount of USD 49.90 (ca. PLN 178.00) within the next 7 days.
Contact form:
If you have fallen victim to this attack and provided your debit or credit card details, please contact us immediately on (+48) 22 692 2484.
A new, dangerous application called “Utra Explorer” is now available in Google Play, targeting customers of 15 Polish banks. The application has been designed for Android smartphones and to steal login credentials and capture SMS’es.
Here is how the malware looks in Google Play:
When you are installing the application, it asks you for access to multiple functions, including SMS’es:
We advise you to be very careful when downloading applications even from trusted sources such as Google Play. You should always make sure that an application name and icon are original. Even a slight difference versus the original name or any inaccuracy in the operation of the application should raise your suspicion. Additionally, once the application is installed, you should check what permission it is asking you for. Asking you for access to your SMS’es, downloading files from unknown sources or asking you for an extensive list of permissions should raise a red flag immediately. At the same time, we recommend to bank online using only trusted Internet browsers or the Citi Mobile® app.
What to do if you have already installed the application and entered the requested details?
A new dangerous application targeting Polish bank customers was found hiding on the Google Play store.
Here is how the malware looks in Google Play
The malicious application is said to support all Polish mobile banking platforms. Its list includes 21 Polish banks. Short description of the software presented in Google Play lists all the supposed functionalities of the application after it is installed while in fact its only functionality is to steal your login and credit card details.
The application asks you for access to your SMS’es
When you are installing the application, there is a message displayed on the screen that the software requires an access to your SMSes to run properly. The application is said to be designed to store your login details to as many as 21 mobile banking platforms offered by the Polish banks. Depending on which option you choose, you are asked to enter your login details or your credit card details directly in the malware. Once you enter the credentials, they get stolen by the application and there is a message on the screen saying that a temporary error has occurred and you are asked to try again later.
The malware after it is installed on your device
We advise you to be very careful when downloading applications even from trusted sources such as Google Play. You should always make sure that an application name and icon are original. Even a slight difference versus the original name or any inaccuracy in the operation of the application should raise your suspicion. Additionally, once the application is installed, you should check what permission it is asking you for. Asking you for access to your SMS messages or downloading files from unknown sources should raise a red flag immediately. At the same time, we recommend to bank online using only trusted Internet browsers or the Citi Mobile® app.
What to do if you have already installed the application and entered the requested details?
Later in November 2017, two dangerous apps – "CryptoMonitor" (app tracking cryptocurrency prices) and "StorySaver" (Instagram extended feature) were found hiding on the Google Play store, which have enabled fraudsters to gain login credentials of online banking users of a few Polish banks, including Citi Handlowy.
After being downloaded, the malware scanned the device for any installed banking apps. If such an app was found, the malware displayed fake logon forms imitating the real banking app to steal user names and passwords. The malware was also equipped with extended device authorization that let fraudsters take control of and send SMSes without users knowing about it, which was used to steal One Time Passwords and break two-layer authentication and, eventually, steal money from the users’ accounts.
Both apps have been removed from Google Play store soon after but a few thousand Android users may have been infected by the malware in the period when the apps were on the Google Play store.
What to do if your device gets infected?
How to protect yourself for the future?
This case shows that fraudsters can now smuggle malicious software into trusted sources such as Google Play or Apple Store. Therefore, you should be very careful whenever installing any software on your phone that you use for online or mobile banking, and follow the highest online banking security standards (do not share your phone with anyone, be very careful when clicking on links in emails or SMSes, do not install software from unknown sources, turn on default security settings, make sure your software is up-to-date, etc.).
Beware of fake emails sent by fraudsters posing as a banking institution, including Citi Handlowy. The emails claim that the bank account of the client was locked due to significant changes in the account activity. The client is asked to click the link in order to confirm or review the account information. The incident aims at obtaining sensitive information such as personal details or logon credentials.
We remind you that we will never inform you of your account being locked or suspended via an email or SMS. Also, we will never ask you to click any link in order to have your bank account unlocked.
If you ever receive a suspicious email claiming to be from Citi Handlowy, we recommend checking carefully the URL address of the attached link by moving the cursor over the link without clicking it. We also advise you to check the email for any grammatical or logical errors (e.g. using an incorrect name of our bank other than Citi Handlowy). If you still have doubts or have a security concern, please contact us at (+48 22) 692 2484.
To learn more about our email communication with the clients, please visit our Safe Banking section where we inform i.a. how to make sure that the email received from Citi Handlowy with a link to the Citibank Online transactional platform is legitimate.
If you think you may have provided confidential information in response to such fake email, you are asked to immediately contact CitiPhone at (+48 22) 362 2484 or (+48 22) 692 2484.
For enhanced safety, from August 11th, 2017 access to Citibank Online will no longer be possible from devices that use the following combinations of browsers and operating systems. Additionally, from August 18th, 2017 it will no longer be possible to access Citi Mobile from devices running on Android versions below 4.4.
Service | Browser / Operating System | Since when |
---|---|---|
Citibank Online | Baidu Jan 2015; IE 10 / Win Phone 8.0; IE 7 / Vista; IE 8 / XP; IE 8-10 / Win 7; Safari 5.1.9 / OS X 10.6.8; Safari 6.0.4 / OS X 10.8.4 | August 11th |
To find out which version of the operating system you have on your smartphone or tablet, please go to the device Settings -> About phone/tablet. To determine what version of the operating system you have installed on your computer, go to My Computer -> Properties.
If you have one of the above operating system versions on your device, please update your system to the latest version. Remember to use only trusted sources for your updates.
Recently there have been many phishing incidents reported targeting online banking users. The incidents aim to obtain sensitive information such as your bank account usernames, passwords or your card credentials. Criminals are sending scam emails claiming that you have been locked out of your account due to, e.g. unauthorized use of your bank account. They try to trick you into clicking a link that will take you to a phishing site controlled by the fraudster, enabling them to steal security details that can be used to access the victim’s bank account online. If you ever receive such email, please contact us immediately.
Please remember that Citi Handlowy will never ask you for the following via an email or text message:
We advise you to carefully read any text messages received from the bank and verify the text message information against the details of the transaction that you are making using online banking or mobile apps. This refers to both, one-time text message authorization codes where you should carefully verify the transaction details, as well as information messages. Should you have any doubts, please contact us immediately.
In order to provide you with the best customer experience, we sometimes send emails or SMS messages with links to our offers. In this "Security Alerts" section you can find out whether an email or SMS you received is from Citi Handlowy.
We want to warn you about new methods of operation used by so-called Trojan horses in the area of electronic banking. Fraudsters manipulate the information you see on the screen to create a new recipient on the payment list, to whom funds from the attacked account are later transferred.
After the user has logged on to the transaction system, the Trojan shows the user a message that the last attempt to send a transfer failed. Next, without the account owner being aware of it, the Trojan creates a new recipient, filling in the recipient's name with the data from the last transfer (to make the user believe that the last transfer is being updated), and forces the user to enter a one-time authorization code. In the next steps, the Trojan increases the daily limit for online transactions to the maximum level possible. It does so by manipulating the on-screen message, which says that the operation needs to be authorized one more time. As a result, a new recipient with a fake account number is created, to which the maximum allowed amount is transferred. All this happens with the involvement, but without the knowledge, of the user.
Such situations have been very rare so far. Nonetheless, we remind you that: The Bank always asks you for an authorization code ONLY once. For a submitted online transaction (e.g. a transfer), you should always stay alert and carefully check if the content of a text message (and especially the account number of the recipient and the amount) is in accordance with the submitted order. If you detect any suspicious activities, please contact the Bank immediately.
A SIM SWAP fraud may occur when an unauthorized person obtains a duplicate SIM card and thus intercepts your phone number. With the help of this duplicate card, the fraudster may gain access to your online banking, change your access passwords, and even execute fraudulent banking transactions on your account with you being unaware of it.
You should contact your mobile operator immediately if you stop receiving calls or texts and cannot make phone calls in places where it is in fact highly unlikely not to have signal (e.g. city center) to make sure no duplicate SIM card has been recently issued to an unauthorized person.
Also, if there is a message on your phone that there is no signal or no service (e.g. “No service”) despite restarting the phone, you should contact us immediately via CitiPhone or Citibank Online to disable sending passwords and one-time transaction authorization codes to your phone number.
A trend has recently been spotted in malicious websites distributed via SMS phishing. Mobile device users receive text messages with web addresses that imitate those of legitimate websites.
The phishing attacks target primarily Facebook, Apple, including iCloud, Craigslist, and OfferUp.
They are part of a tactic aimed specifically at mobile devices: if the site is delivered via an SMS link, it is not possible to check the legitimacy of the site before tapping it. Mobile-focused phishing attacks attempt to conceal the true domain they are served from by padding the subdomain address with enough hyphens to push the actual source of the page outside the address box on mobile browsers. Below you can see the example of the malicious address:
How Can You Protect Yourself Against the Attacks?
Pay particular attention every time you receive a text message with a link to a website. If you have any doubts, please do not tap it before you make sure the site is legitimate. Also, we want to remind you of the links to the sites that can most frequently appear in text messages sent to you by Citi Handlowy: www.online.citibank.pl, www.citibankonline.pl, www.citigold.pl.
We protect our website with VeriSign Secure Site certificate. Extended Validation SSL certificates trigger the browser address bar in high-security browsers to change to a green color. If you have any doubts regarding the safety of our sites, please contact Citibank Online (technical support) on (+48 22) 692 2484.
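The check described above (compare the full hostname against the addresses listed for Citi Handlowy text messages, and look for hyphen padding or odd separators such as a comma or underscore) can be automated. The following is an added example, not the bank's own code; `VISIBLE_CHARS`, `BRAND_TOKENS`, the finding names and the `example.net` sample link are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Hostnames this page lists as appearing in the bank's text messages.
TRUSTED_HOSTS = frozenset({
    "www.online.citibank.pl",
    "www.citibankonline.pl",
    "www.citigold.pl",
})
# Assumption: brand strings taken from the hostnames above.
BRAND_TOKENS = ("citibank", "citigold")
# Assumption: roughly how many hostname characters a phone address bar shows.
VISIBLE_CHARS = 30
# Three or more consecutive hyphens; punycode ("xn--") only ever has two.
HYPHEN_RUN = re.compile(r"-{3,}")


def refang(url: str) -> str:
    """Undo common defanging (hxxp, [.]) so the link can be parsed, not opened."""
    url = url.strip().replace("[.]", ".")
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def extract_host(url: str) -> str:
    """Return the lower-cased hostname, or '' if the link cannot be parsed."""
    url = refang(url)
    if "://" not in url:
        url = "http://" + url
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".")


def inspect_link(url: str) -> dict:
    """Classify a link from a message; only exact hostname matches are trusted."""
    host = extract_host(url)
    if host in TRUSTED_HOSTS:
        return {"host": host, "trusted": True, "findings": []}

    findings = ["host-not-listed"]
    # A brand name anywhere in an unlisted hostname is a lookalike signal.
    if any(token in host for token in BRAND_TOKENS):
        findings.append("brand-in-unlisted-host")
    # Hyphen padding pushes the real domain to the far right of the hostname.
    if HYPHEN_RUN.search(host):
        findings.append("hyphen-padding")
    # The registrable domain sits at the END, the part a narrow bar cuts off.
    if len(host) > VISIBLE_CHARS:
        findings.append("real-domain-cut-off")
    # "A comma instead of a dot, any underscores".
    if re.search(r"[,_]", host):
        findings.append("odd-separator")
    return {
        "host": host,
        "trusted": False,
        "findings": findings,
        "visible": host[:VISIBLE_CHARS],  # what the user would actually see
    }


# Sample links. The first two appear on this page; the rest are constructed.
GENUINE = "https://www.citibankonline.pl/en/safety.html"
PAGE_FAKE = "hxxps://citibank-pl.tk/apps/auth/signin/"
PADDED = "http://www.citibankonline.pl-login" + "-" * 28 + ".example.net/signin"
COMMA = "https://www.citibankonline,pl/"

if __name__ == "__main__":
    for link in (GENUINE, PAGE_FAKE, PADDED, COMMA):
        result = inspect_link(link)
        print(result["trusted"], result["host"], result["findings"])
```

For the padded link, the `visible` field starts with `www.citibankonline.pl`, which is exactly why the truncated address bar looks legitimate while the page is served from a different domain.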
A new wave of phishing attacks that target online banking users has been reported in Poland. Cyber criminals claiming to be from a legitimate source such as a government institution (e.g. Ministry of Finance, Ministry of Digital Affairs or Tax Authorities) may contact you via email in an attempt to get you to open an attachment that contains malware. For example, the scammers pretending to be from the Ministry of Finance send you an email with the attachment to inform you that you have not reported your income. Opening the attachment results in your computer being infected with GozNym or ISFB malware that is known for attacking online banking users.
Scammers may try to trick you using different methods that are designed to gain your trust and make you less vigilant. They often play on your emotions such as fear to push you to act impulsively (e.g. threat of financial penalty, criminal responsibility, financial or data loss, etc.). Here are a few useful tips that you should follow to ensure that your online banking experience is safe:
If you believe you may have fallen victim to a phishing scam, please call or visit us immediately.
Please be advised that criminals have intensified attacks on users of electronic banking in Poland.
Internet users may recently have received e-mail messages from senders passing themselves off as various institutions (e.g. companies supplying electricity or courier and postal service firms). These messages contain malicious software or links to such software. The user is asked to click on the link attached to the message to check the status of the shipment or invoice. After clicking on the link, the user is transferred to a website that infects his or her computer with a virus.
To verify whether an e-mail message may be phishing, you must pay attention to such elements as:
If you receive this type of message, do not click on the attached links or open the attached documents. If you expect this type of e-mail message (e.g. you have a contract with the energy supplier), we suggest that you find the proper website on your own instead of using links sent in e-mails.
In order to provide you with the best customer experience, we sometimes send emails or SMS messages with links to our offers. In this "Security Alerts" section you can find out whether an email or SMS you received is from Citi Handlowy.
Please be informed that GozNym malware, which attacks the computers of electronic banking system users, has been spotted.
How does GozNym malware work?
A computer gets infected when the user opens an attachment from an infected email. Once activated, the malware checks which banking platforms the user uses. Next, when the user attempts to log in to their electronic banking platform, they are redirected to a fake transactional service and the genuine bank's electronic banking platform is blocked.
How to prevent malware installation?
Do not open suspicious links and attachments sent via email.
Do not reply to any emails in which you are asked to provide your personal data or access codes.
Install and run anti-virus protection software that has an up-to-date malware database.
For more information on electronic banking safety features, please visit the following tabs: Basic Security Tips and Additional Security.
Please be informed that a new digital banking attack scenario has been developed by hackers in Poland.
According to information provided by the Polish Bank Association, hackers send SMS messages stating that a smartphone system update is required, otherwise it will not be possible to use some features of the device. The SMS sender field shows either an unknown phone number or the tag ANDROID. The message also contains a link to a fake website from which to download the update. The device gets infected with the Trojan malware when the user enables the option of installing applications from untrusted sources and installs an application that requires access to sending and receiving SMS messages or even calling premium numbers (high connection charges).
Installing this malware allows hackers to take control of the device. At any attempt to log on to the online banking platform, it informs the user that additional verification is needed with a one-time authorization code sent to the user's device by the Bank via SMS. This is an attempt to steal the user's codes and logon data, which, once obtained by hackers, allow them to perform unauthorized transactions or change account settings.
Therefore, to avoid this malware, users should beware of any suspicious requests to provide their one-time authorization codes and should not click on any suspicious links in messages sent by unknown senders. Information regarding operating system updates is never sent via SMS. Any mobile application should be installed only from a trusted platform such as Google Play or AppStore. To improve device safety, the option allowing app installation from untrusted sources should be switched off.
A new type of malware attack has been spotted recently targeting Polish online banking users.
The malware used by hackers displays a pop-up box after you have logged on to your online banking system. The box states that you may additionally insure the transactions you make online and asks you to add a new account number to your list of predefined payees.
Please be kindly informed that we do not offer such insurance! You should cease the transaction and notify us immediately of any such attempt since your computer may be infected with malware.
It is important that you carefully check all the details and the account numbers that you add to your list of predefined payees. Please be reminded that all the transaction details are stated in the SMS One-time Authorization Code that contains:
For enhanced security of your computer, please scan your computer regularly against any attacks using antivirus software.
A new type of malware has been spotted that may attack online banking users.
The malware allows hackers to steal your user name and password as you enter them during the logon process. Once you have logged on to the system, you will be asked to install antivirus software on your mobile phone. To trick the user, attackers may use malware that looks identical to the original online security software of known and popular antivirus software vendors (for example Trusteer Rapport, McAfee, Kaspersky etc.).
First, the user is asked to select the operating system and then to enter the phone number that he/she uses to confirm the banking transactions. Later, the user receives the SMS containing the link to the fake software. Once the fake software has been downloaded and activated on your computer, the hackers will be able to fully control your device, stealing all your confidential data, including one-time SMS authorization codes.
Remember, the Bank never sends links to any antivirus software. We recommend installing antivirus software for your mobile device downloaded from official application stores (App Store, Google Play) only.
If you believe you have been a victim of a malware attack, please contact Citibank Online at (+48 22) 692 2484
A new type of malware called Dyre has been spotted that may attack online banking users.
There are a number of ways your computer can get infected with the malware, including, for example, opening e-mail attachments that direct you to an unwanted site (phishing e-mails). Once the virus has been installed on your computer, the hacker will be able to steal your username and password as you enter them during the logon process.
While logging on to the online banking system, you may be informed that it will take longer than usual to complete the logon process. During this time the hackers will use your user name and password to make changes and transactions in the system.
Therefore, beware of emails from unknown senders that contain suspicious attachments or links. If you have received a phishing email, please do not open it - just delete it immediately. Additionally, we recommend you use an antivirus program to make sure your computer is safe.
If you believe you have been a victim of a malware attack, please contact Citibank Online at (+48 22) 692 2484
CERT Polska has spotted a new wave of malware attacks, mainly Tinba, targeting Polish online banking users.
In the new attack scenario, the malware used by hackers changes the number of the account which you are currently transferring money into. The change occurs when you confirm the funds transfer and takes place without any outward signs visible to the user.
It is therefore important that you carefully check the account number and the funds transfer amount against the confirmation SMS details.
A new wave of malware attacks has been spotted recently targeting Polish online banking users.
In the new attack scenario, the malware used by hackers displays a pop-up box after you have logged on to your online banking system. The box states that you may additionally insure the transactions you make online and asks you to add a new account number to your list of predefined payees.
Please be kindly informed that we do not offer such insurance and you should notify us immediately of any such attempt. It is important that you carefully check all the account numbers added to your list of predefined payees!
Please remember not to install any anti-virus protection software or certificate to use Citibank Online on your computer or smartphone.
The only way to safely do your mobile banking is to download our Citi Mobile app from App Store, Google Play or BlackBerry App World.
Users of mobile banking are targeted by ZITMO, malicious software that poses a threat to funds deposited into bank accounts. The victims are urged to install the malicious software or "e-certificate" which enables hackers to access the accounts.
For more information on the fake anti-virus protection software and e-certificate, please visit CERT's site.
If, while visiting our websites, you spot any information urging users to install the certificate, please:
We will take appropriate action to block the fake website and eliminate the source from which the scam e-mails are sent.
For information on removing malware, please visit CERT's site.
The Bank has noticed a new attack scenario carried out by VMZeus malware. In this scenario, the customer is asked to allegedly confirm their contact number using a single-pass code. In reality, this number is substituted in the system for a number controlled by criminals.
We recommend paying particular attention to any operations related to changing the contact telephone number in online banking. Substitution of the telephone number may lead to a situation in which the criminal obtains all information necessary to carry out an unauthorised transaction and transfer financial resources.
Any suspicious situations should be reported by:
New malware known as Android.BankBot.34.origin has been observed on the Internet. It can obtain users’ private data from infected devices and, as a consequence, steal funds from online and mobile accounts associated with these devices.
The following actions can facilitate installation of this type of software:
At the same time, we recommend:
The Polish Bank Association would like to inform you about a new type of malware known as Banapter. It threatens Customers who use online banking via popular Internet browsers: Firefox, Internet Explorer or Opera.
Criminals use spam e-mail to infect Customers’ computers. These e-mails reach random recipients, but many of them are also received by customers of Polish banks.
Fraudsters send fake e-mails urging you to provide confidential information. Such e-mails usually contain attachments and/or requests for confidential personal details. They may also contain a link to a fake Citibank Online site which looks almost identical to the proper one.
In order to provide you with the best customer experience, we sometimes send emails or SMS messages with links to our offers. In this "Security Alerts" section you can find out whether an email or SMS you received is from Citi Handlowy.
If you receive a scam e-mail claiming to be from Citi Handlowy or Citigroup, we kindly ask you to:
When any fraudulent activity is reported, the bank, in cooperation with local law enforcement officials, will take appropriate action to block the fake website and eliminate the source from which the scam e-mails are sent.
If you think you may have provided confidential information in response to such a fake e-mail, you are asked to immediately contact CitiPhone on ((+48) 22 362 2484 or 48 22 692 2484).
Malware such as trojans/keyloggers can be secretly installed on your PC. This software enables hackers to see the text you type on your computer or scan your computer in search of credit card or bank account information, as well as spy on your Internet habits and behavior.
Malware may be delivered as hidden code within a website, an email or an email attachment. Therefore it is essential that you regularly update the anti-virus software and firewalls installed on your computer.
If your anti-virus software detects and removes a trojan horse, please remember to immediately change your Citibank Online user name and password.
Internet users were informed some time ago of a security gap in the popular Internet Explorer web browser. The gap can let an attacker take control of a computer if the user clicks on a link to a malicious website. Therefore you should immediately update your Internet Explorer browser using the Microsoft website.