Customer Alert:

Beware of suspicious telephone calls. Citibank won't contact you by phone with the offer of a preapproved credit card. If you receive a phone call from someone offering you a preapproved Citibank credit card on the basis that you supply them with personal information (such as driver's licence, address details, income details), report it to the police.

Protect your identity by keeping your personal data in the right hands. For more information view the Australian Bankers Association fact sheet on protecting your identity.

Tips to "Spot" and "Avoid" Scams

Internet Banking Security Tips

Before Logging On to Citibank Online
- It is important you protect your computer and information with some easy-to-use tools such as firewall programs, email filters, anti-virus software and spyware filters
- Review your account statements as soon as you receive them and notify Citibank immediately of any unauthorised transactions
- Always type www.citibank.com.au into your browser when signing on to Citibank Online.

While Logged On to Citibank Online
- Citibank will never send you emails containing links. It is important not to click on any links to Citibank Online from an email
- Keep your ATM PIN secure and never disclose it to anyone
- Do not select an easily identifiable ATM PIN like 1111, 1234 or dates of birth
- Before submitting information through a website, look for the "padlock" icon on your browser's status bar or check that the website address starts with "https://" and not just "http://". When such security details are present, your information is in a secured session
- Contact CitiPhone immediately on 13 24 84 (+61 2 8225 0615 if calling from overseas) if you notice a discrepancy in the date and time of your last sign in. This information is found at the top of the "My Home" page after you login to Citibank Online
- Misspelled words either in the email message or within the website may signal a potential scam
- Always exit Citibank Online by clicking on the "sign-off" option; do not just close your browser
- Report all suspicious emails by forwarding them as an attachment to Citibank at spoof@citicorp.com for further investigation and action
- If you suspect your account has been compromised in any way, call CitiPhone immediately on 13 24 84 (+61 2 8225 0615 if calling from overseas).

Customers should understand that Citibank will never send emails to customers to verify personal and/or account information.

It is important you disregard and report emails which:
- Request any customer information - including your ATM PIN or account details. Therefore, customers should not reply to emails that request such information
- Advise you to contact a phone number to verify your card or account details. Always call CitiPhone on 13 24 84 (+61 2 8225 0615 if calling from overseas)
- Instruct you to log in or apply for a product via a link in an email. Therefore customers should not click on such links.

Protect your personal computer
- Install up-to-date anti-virus software on your computer to safeguard against viruses being downloaded onto your system
- Use a personal firewall to prevent unauthorised access to your computer
- Use an up-to-date operating system (such as Microsoft Windows XP) and Internet browsing software
- Learn more about software and browser requirements to effectively protect your computer.

Protect your personal and account data
- Change your Citibank ATM PIN on a regular basis
- Never disclose your ATM PIN to anyone, not even to a Citibank representative
- Be careful when using public or shared computers, and check they use up-to-date anti-virus software and firewalls
- Learn more about which browsers are recommended
- Contact CitiPhone immediately on 13 24 84 (+61 2 8225 0615 if calling from overseas) if you suspect your personal or account data has been compromised.

How Citibank is protecting you

Citibank is committed to providing a secure banking environment for our customers. Citibank uses the latest technology and systems to deliver a range of security initiatives as part of an ongoing program to enhance the security of our online banking website.
- All communication sent from your computer to our secure systems is encrypted to ensure the confidentiality of all data sent and received
- Citibank's dynamic on-screen keyboard, found on the sign on page of Citibank Online, is a means of protecting your password when you enter it. This sign on method consists of an on-screen keyboard from which your password is entered with your computer's mouse, rather than a keyboard which can be more easily targeted by key logging software
- A digital certificate (found by clicking on the Padlock Icon in the Status Bar at the foot of the page) is used to verify the identity and authenticity of Citibank's websites
- Immediately upon signing in to Citibank Online, the "My Home" page details the date and time of your last sign in. Contact CitiPhone immediately on 13 24 84 (+61 2 8225 0615 if calling from overseas) if you notice a discrepancy in the date and time of your last sign in
- A security feature unique to Citibank is the Online Authorisation Code which provides added protection when performing third party funds transfers
- The Citibank Online website is constantly monitored by dedicated personnel 24 hours a day who review the website to identify opportunities to enhance the site's security and to maintain all the internet banking services available for our customers
- Citibank customers are able to contact CitiPhone 24 hours a day, seven days a week for assistance with any queries.

If you believe your account has been compromised in any way, call CitiPhone immediately on 13 24 84 (+61 2 8225 0615 if calling from overseas).

For more information the following websites are also available:

- Australian High Tech Crime Centre
- Australian Competition and Consumer Commission - Scamwatch
- Australian Securities & Investment Commission
- Protect Your Financial Identity

What could happen

Email fraud - spoof (also known as phishing or hoax)

A spoof website is one that mimics a popular company's website to lure you into disclosing confidential information. To make spoof sites seem legitimate, thieves use the names, logos, graphics and even code of the real company's site.

Although they can be difficult to spot, these emails generally ask you to click a link to a spoof website and provide, update or confirm sensitive personal information. As bait, they may allude to an urgent or threatening condition concerning your account.

Signs of a spoof email
- There may be a sense of urgency. Example: Your account will be closed or temporarily suspended or you will be charged a fee if you do not respond
- The email may advise you to contact a phone number to verify your card or account details
- There are embedded links that look legitimate because they contain all or part of a genuine company's name. These links may take you to spoof sites that ask you to enter, confirm or update sensitive personal information
- There may be obvious spelling errors. These errors enable spoof emails to avoid the spam filters that internet service providers use.

If you've received one of these emails, please forward it to spoof@citicorp.com. Email spoofs continually evolve, so providing us with examples will help our ongoing investigations; even slight variations, like differences in the embedded links, will aid them.

Customers should understand that Citibank will never send emails to customers to verify confidential, personal or account information.

How can I ensure that I am communicating with a financial institution during a secure session?

You can verify that you are communicating with a genuine financial institution by examining the website certificate during a secure session. This will verify the identity of the specific website you are accessing as well as validate that the site is secure and genuine. It also ensures that no other website can assume the identity of the original secure site. Please refer to your internet browser's documentation for instructions on how to view a certificate. Always ensure that you are using a secure website when submitting credit card or other sensitive information. To make sure you are on a secure web server, check the beginning of the website address in your browser's address bar - it should read https://, rather than just http://.

How is my information transmitted safely over the Internet?

Web browsers use standard security protocols like Secure Sockets Layer (SSL) and Secure Hyper Text Transfer Protocol (S-HTTP) to enable private information to be transmitted safely over the Internet. When you visit a website with the SSL protocol, a secure connection is created between your computer and the website server you are visiting. Once this connection is established, you can transmit any amount of information to the web server safely. In contrast, S-HTTP is designed to transmit individual messages securely.

How can I tell if my browser session is secure?

For most web browsers such as Microsoft Internet Explorer and Netscape Navigator, a secure, encrypted session will be indicated by a closed padlock or an unbroken key icon that appears in the lower left or right hand corner of the browser window. You should also check the address bar of your browser. If the website address starts with "https://" rather than the standard "http://" then the session is secure.

What do I do if I've downloaded a virus or Trojan program?

Some phishing attacks use viruses and/or Trojans to install programs called "key loggers" onto your computer. These programs capture and send out any information that you type to the phisher, including account numbers, usernames and passwords. In this case, you should:
- Install and/or update anti-virus and personal firewall software
- Update all virus definitions and perform a full scan
- Confirm every connection your firewall allows.

What is a Digital Certificate and how does it help to ensure security?

Digital certificates are issued by extensively audited and controlled certification authorities to authenticate a website or elements of websites. The certificate identifies the originator of the site and verifies that it has not been tampered with. When your web browser is presented with a certificate, it will check to see if a legitimate certification authority issued the certificate. If there is a match, your session will continue. Otherwise, your browser will issue a warning, and your safest action is to cancel your activity.

Can other people view my personal information when I am using the Internet?

If a secure session is established and the information is encrypted during transmission, then others will not be able to view your information. However, you should be aware that some web browsers will store information on your computer even after you are finished conducting your online activities; this is called caching. Therefore, you should close your browser once you are finished using the Internet, particularly if you visit secure sites to conduct financial transactions, check account balances or view any other information that you regard as private and confidential.

Are email transmissions secure?

Email sent over the Internet is generally not secure unless it is encrypted. In reality, most email programs currently do not have this capability. As most email transmissions are not secure, you should never send any personal or financial information, such as your credit card number, over email.