Beware of suspicious telephone calls. Citibank won't contact you by phone with the offer of a preapproved credit card. If you receive a phone call from someone offering you a preapproved Citibank credit card - on the basis you supply them with personal information such as drivers licence, address details, income details - report it to the police or contact Citibank on 13 24 84.
Protect your identity by keeping your personal data in the right hands. For more information view the Australian Bankers Association fact sheet on protecting your identity
It is important you protect your computer and information with some easy-to-use tools such as firewall programs, email filters, anti-virus software and spyware filters
Review your account statements as soon as you receive them and notify Citibank immediately of any unauthorised transactions
Always type www.citibank.com.au into your browser when signing on to Citibank Online.
While Logged On to Citibank Online
Citibank will never send you emails containing links. It is important not to click on any links to Citibank Online from an email
Keep your ATM PIN secure and never disclose it to anyone
Do not select an easily identifiable ATM PIN like 1111, 1234 or dates of birth
Before submitting information through a website, look for the "padlock" icon on your browser's status bar or that the website address starts with "https://" and not just "http://"- when such security details are present, your information is in a secured session
Contact CitiPhone immediately on 13 24 84 (+61 2 8225 0615 if calling from overseas) if you notice a discrepancy in the date and time of your last sign in. This information is found at the top of the "My Home" page after you login to Citibank Online
Misspelled words either in the email message or within the website may signal a potential scam
Always exit Citibank Online by clicking on the "sign-off" option, do not just close your browser
Report all suspicious emails by forwarding them as an attachment to Citibank: emailspoof@citigroup.com - for further investigation and action
If you suspect your account has been compromised in any way, call CitiPhone immediately on 13 24 84 (+61 2 8225 0615 if calling from overseas).
Customers should understand that Citibank will never send emails to customers to verify personal and/or account information.
It is important you disregard and report emails which:
Request any customer information - including your ATM PIN or account details. Therefore, customers should not reply to emails that request such information
Advise you to contact a phone number to verify your card or account details. Always call CitiPhone on 13 24 84 (+61 2 8225 0615 if calling from overseas)
Send emails to customers instructing them to login or apply for a product via a link in an email. Therefore customers should not click on such links.
Contact CitiPhone immediately on 13 24 84 (+61 2 8225 0615 if calling from overseas) if you suspect your personal or account data has been compromised.
How Citibank is protecting you
Citibank is committed to providing a secure banking environment for our customers. Citibank uses the latest technology and systems to deliver a range of security initiatives as part of an ongoing program to enhance the security of our online banking website.
All communication sent from your computer to our secure systems is encrypted to ensure the confidentiality of all data sent and received
Citibank's dynamic on-screen keyboard, found on the sign on page of Citibank Online, is a means of protecting your password when you enter it. This sign on method consists of an on-screen keyboard from which your password is entered with your computer's mouse, rather than a keyboard which can be more easily targeted by key logging software
A digital certificate (found by clicking on the Padlock Icon in the Status Bar at the foot of the page ) is used to verify the identity and authenticity of Citibank's websites
Immediately upon signing in to Citibank Online, the "My Home" page details the date and time of your last sign in. Contact CitiPhone immediately on 13 24 84 (+61 2 8225 0615 if calling from overseas) if you notice a discrepancy in the date and time of your last sign in
A security feature unique to Citibank is the Online Authorisation Code which provides added protection when performing third party funds transfers
The Citibank Online website is constantly monitored by dedicated personnel 24 hours a day who review the website to identify opportunities to enhance the site's security and to maintain all the internet banking services available for our customers
Citibank customers are able to contact CitiPhone 24 hours a day, seven days a week for assistance with any queries.
If you believe your account has been compromised in any way, call CitiPhone immediately on 13 24 84 (+61 2 8225 0615 if calling from overseas)
For more information the following websites are also available:
Email fraud - spoof (also known as phishing or hoax)
A spoof website is one that mimics a popular company's website to lure one into disclosing confidential information. To make spoof sites seem legitimate, thieves use the names, logos, graphics and even code of the real company's site.
Although they can be difficult to spot, these sites generally ask you to click a link to a spoof website and request you provide, update or confirm sensitive personal information. As bait, they may allude to an urgent or threatening condition concerning your account.
Signs of a spoof email
There may be a sense of urgency. Example: Your account will be closed or temporarily suspended or you will be charged a fee if you do not respond
Advise customers to contact a phone number to verify your card or account details
There are embedded links that look legitimate because they contain all or part of a genuine company’s name. These links may take you to spoof sites that ask you to enter, confirm or update sensitive personal information
There may be obvious spelling errors. These errors enable spoof emails to avoid the spam filters that internet service providers use.
If you've received one of these emails, please forward it to emailspoof@citigroup.com. As email spoofs continuously evolve, providing us with examples will help our ongoing investigations. Email spoofs can continually evolve, and even slight variations, like differences in the embedded links, will aide our investigations.
Customers should understand that Citibank will never send emails to customers to verify confidential, personal or account information.
If you believe your account has been compromised in any way, call CitiPhone immediately on 13 24 84 (+61 2 8225 0615 if calling from overseas)
For more information the following websites are also available:
If you receive a suspicious email that appears to have been sent by Citibank, contact CitiPhone immediately on 13 24 84 (+61 2 8225 0615 if calling from overseas). Forward all suspicious emails as an attachment to emailspoof@citigroup.com for further investigation and action.
You can verify that you are communicating with a genuine financial institution by examining the website certificate during a secure session. This will verify the identity of the specific website you are accessing as well as validate that the site is secure and genuine. It also ensures that no other website can assume the identity of the original secure site. Please refer to your internet browser's documentation for instructions on how to view a certificate. Always ensure that you are using a secure website when submitting credit card or other sensitive information. To make sure you are on a secure web server, check the beginning of the website address in your browser's address bar - it should read https://, rather than just http://.
Web browsers use standard security protocols like Secure Socket Layer (SSL), and Secure Hyper Text Transfer Protocol (S-HTTP) to enable private information to be transmitted safely over the Internet. When you visit a website with the SSL protocol, a secure connection is created between your computer and the website server you are visiting. Once this connection is established, you can transmit any amount of information to the web server safely. In contrast, the S-HTTP is designed to transmit individual messages securely.
For most web browsers such as Microsoft Internet Explorer and Netscape Navigator, a secure, encrypted session will be indicated by a closed padlock or an unbroken key icon that appears in the lower left or right hand corner of the browser window. You should also check the address bar of your browser. If the website address starts with "https://" rather than the standard "http://" then the session is secure.
Some phishing attacks use viruses and/or Trojans to install programs called "key loggers" onto your computer. These programs capture and send out any information that you type to the phisher, including account numbers, usernames and passwords. In this case, you should:
Install and/or update anti-virus and personal firewall software
Update all virus definitions and perform a full scan
Digital certificates are issued by extensively audited and controlled certification authorities to authenticate a website or elements of websites. The certificate identifies the originator of the site and verifies that it has not been tampered with. When your web browser is presented with a certificate, it will check to see if a legitimate certification authority issued the certificate. If there is a match, your session will continue. Otherwise, your browser will issue a warning, and your safest action is to cancel your activity.
If a secure session is established and the information is encrypted during transmission, then others will not be able to view your information. However, you should be aware that some web browsers will store information on your computer even after you are finished conducting your online activities; this is called caching. Therefore, you should close your browser once you are finished using the Internet, particularly if you visit secure sites to conduct financial transactions, check account balances or view any other information that you regard as private and confidential.
Email sent over the Internet is generally not secure unless it is encrypted. In reality, most email programs currently do not have this capability. As most email transmissions are not secure, you should never send any personal or financial information, such as your credit card number, over email.
For more information the following websites are also available:
) is used to verify the identity and authenticity of Citibank's websites 
