Citibank Phishing Scheme Uses Fake Suspension Alerts to Lure Customers

Colin Thierry

According to multiple reports, a large-scale phishing scheme has targeted customers of Citibank, asking victims to disclose sensitive personal details in order to lift alleged account holds.

The campaign used emails that feature Citibank logos, sender addresses that look genuine at first, and typo-free content.

The Citibank customers targeted in these attacks were told that their accounts had been put on hold due to a suspicious transaction or a login attempt from someone else.

The attackers then claim that the customers should take urgent action to verify their accounts in order to avoid permanent suspension.

If the embedded button is clicked, the victims are directed to a website that looks much like a real Citibank portal, where they are requested to enter their login credentials.

Then, any user ID and password pairs entered on the website go directly to the threat actors, who may use the stolen credentials to access banking accounts and empty balances.

Bitdefender, which has been tracking this phishing campaign, reported its statistical findings on the matter. The company found that 81% of the phishing emails in the scheme targeted American users, 7% reached UK users, and 4% reached South Korean users. It also found that 40% of the emails were sent from US IP addresses and 13% from Mexico.

Parallel Phishing Campaign

Along with this scheme, phishing actors are also luring victims with promises of significant financial winnings.

Bitdefender has identified another large-volume phishing campaign whose distribution culminated between Feb. 11–15. This scheme presented recipients with a chance to claim financial compensation from the United Nations.

In this case, the email recipient is recognized as a scam victim deemed eligible for compensation of $5,000,000 through Citibank.

In other cases, the threat actors doubled the amount to $10,500,000 and attempted to include more details in the email to convince the victim of its legitimacy.

The phishing actors ask people who fall for the scam email to provide their full name, address, age, phone number, and a scanned copy of their national ID card.

In this campaign, the details stolen from the victims cannot be directly used for fraudulent transactions but are instead sold to other criminals on cybercrime markets.

On its website, Citibank has shared information and tips for its customers to avoid these types of scams and help keep their accounts secure.

About the Author

Colin Thierry is a former cybersecurity researcher and journalist for SafetyDetectives who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.