Kip Tips
Scammers Pose as Citibank
Watch out for this suspicious e-mail.
By Cameron Huddleston, Contributing Editor, Kiplinger.com
November 9, 2009
- Comments
- Email This Article
- Print This Article
- Order a Reprint
Advertisement
A few of my colleagues received a legitimate-looking e-mail this morning from Citibank, with the subject line "Failed Login Attempts." One colleague found it pretty convincing, but another knew it was a fake because she doesn't have a Citibank account.
The e-mail says the recipient has three failed login attempts and should login to his or her account immediately, with the word "your account" linked. Don't click on the link.
Recently, I warned you about another e-mail scam. That one tells recipients that their bank has failed and directs them to a fraudulent site.
Never click on any link sent to you in an e-mail, no matter how convincing the message. Once you click on the link, you could have a difficult time telling if the site is authentic or a scam. (Not to mention that doing so will also signal the sender that your e-mail address is active, which could spawn more spam.)
Instead, verify requests for personal information. If an e-mail looks like it is from your bank, for example, use the Web address you usually use to access your account and confirm the request through the site's "Contact Us" link.
Tags:
Topics:
- Comments
- RSS
Permission to post your comment is assumed when you submit it. The name you provide will be used to identify your post, and NOT your e-mail address. We reserve the right to excerpt or edit any posted comments for clarity, appropriateness, civility, and relevance to the topic.
View our full privacy policy
Reader Comments (19)
Posted by: Mary at 11/09/2009 11:26:19 AM
I NEVER click on a link in an e-mail. I always use the web address. Another symptom of a scam? Hold your mouse over the so-called link they want you to use to access your account. Most of the time, you will see a totally different web-site address.
Posted by: Teri at 11/09/2009 12:41:09 PM
For the last three days, I have gotten daily phone calls, on an automatic dialer, to call them (Citi) regarding a card I have with them. I am ignoring it as I don't believe it is a real call. How do I know if it is real or not? Thank you.
Posted by: Greg at 11/09/2009 01:53:24 PM
Teri - essentially translate what Mary says and take the same approach. Don't call any number left by the automatic phone call, just call the number on the back of the card they are asking about. Then ask them if it's a legit call - I do believe they use that technique to reach people. But again, the general rule is to only contact your bank using an email address, website, phone number, etc. that you know and can trust.
Posted by: Cameron Huddleston at 11/09/2009 03:02:17 PM
Hi, Teri, this Cameron, author of this Kip Tip-- Call Citibank customer service using the number on the back of your card -- not the number that's appearing on your phone. Ask if they've been trying to contact you. Hope this helps.
Posted by: Jovan at 11/09/2009 03:34:36 PM
Their is currently a Bank of America one going around too! Watch out for those email PERIOD....if they arent contacting you through a more legit source, don't bother or call your bank PERSONALLY to research the issue!
Posted by: Mrs. Vargas at 11/09/2009 03:37:04 PM
@teri...I would call Citi PERSONALLY
Posted by: Jim Tom at 11/09/2009 04:01:24 PM
The scam messages don't just come from banks. Lately, there been regular phising emails claiming to be from the IRS advising an "unreported income" situation. IRS is aware of this and have a warning on their website, but many people must have been taken in by this scam and gave critical information when they responded to the email. All of these scam messages get put in the Spam Directory, but too many people open messages from Spam. You should caution people to simply delete all emails in the Spam Directory. Once in a great while some firm or person you know get directed by mistake to Spam, but that is rare and still poses a risk if it is opened.
Posted by: Richard at 11/09/2009 04:50:28 PM
I have had similar emails from someone pretending to be from HSBC even though I do not have an account with them. Like Mary says, hover your cursor over the link without clicking on it and you will see the website address in the bottom grey bar of internet explorer - you'll see it is definitely NOT HSBC.
Posted by: M at 11/10/2009 09:01:38 AM
Teri, Call the number on the back of your card.
Posted by: RR at 11/10/2009 11:05:21 AM
Mary, that is probably the best way to avoid falling into these traps. Another option is to actually log in to your bank/financial institution's website and if there are any alerts, you will usually see them on main page after logging in. Otherwise, you should NEVER click a link in an email asking you for any kind of sensitive personal information, no matter how convincing it is. Terri, that could be a legitimate call. You might want to call the customer service number listed on your card and see if there is anything listed on your account that requires your attention. That could actually be a legitimate call, not sure because we don't know the particular situation.
Posted by: Bernie at 11/10/2009 12:56:35 PM
I received an E-mail exactly like that OVER 4 yrs ago. I laughed at the time. I had a Citibank account, but that was years and years before, and was long since closed. I looked at my computer screen and said, "Nice try, P. T. Barnum!" I then simply deleted it.
Posted by: Bill H at 11/10/2009 02:32:27 PM
i got a letter from a texas bank, that said they own my MC now, and they suspected fraudulent activity.....and were canceling my MC card , and sending me a new one ?...that was 2 months ago...didnt appear legit to me...still using my old card.....weird...dont know what to make of it ?
Posted by: Scott at 11/11/2009 12:43:46 AM
Teri: Call the number on the back of your card or check the card's web-site for contact info.
Posted by: herb at 11/11/2009 10:05:12 AM
All banks have an email address for abuse (Phishing)...Just forward the email to their address and they will attempt to shut down the web site....
Posted by: liz at 11/11/2009 07:01:54 PM
I have received two from bank of america that states "You have until a certain date to update your personal information or your accounts will be frozen" I contacted Bof A and they said they never send these e-mails. Please don't be fooled.
Posted by: D.R. at 11/11/2009 11:08:45 PM
I'v been getting E-mails from Bank of America, last 2weeks, sometimes twice a day.I've never opened any,i just mark them spam,todays was on my e-mail alert but disapeared when i checked e-mails
Posted by: Ken at 11/12/2009 03:40:13 PM
Why are ANY banks still putting links to their sites in emails? They're just asking for this sort of thing. How many scams would succeed if we could send out one simple message: "Legitimate financial institutions NEVER put links in their emails. EVER."
Posted by: David at 11/13/2009 12:35:34 PM
It's happening at all the major banks: BofA, Wells Fargo, etc. It's across the board. But, so far, not my credit union. NEVER click on a link in an e-mail unless you truly know that e-mail's source.
Posted by: Kim at 11/29/2009 12:59:04 PM
I received the email and clicked on the link. However, I didn't fill out any info. I just looked at the window and closed. Do I need to worry about anything happening to my computer or personal info just by opening the link?