Online Security

Banking Fraud and Scams

Variants of the DYRE malware continue to target online banking customers worldwide.

DYRE, also known as Dryeza, is a malicious program used by cybercriminals to steal online banking credentials and perform fraudulent transactions. DYRE is usually spread by phishing emails containing attachments or hyperlinks that, once opened, can exploit your computer's existing security flaws to install the malware. Once installed, DYRE can redirect websites through servers operated by criminals, allowing them to capture and alter data in real time.

Signs of a DYRE infection include:

  • Repeated request for User ID, Password and/or One-Time PIN (OTP)
  • Changes in the appearance or procedures of online banking
  • Delays and persistent "loading" screens.

Citi recommends customers remain alert for malware threats and review our Online Security Tips.

Customers who notice unusual behaviour in their online banking or believe their computer may be infected should immediately contact Citi's 24-hour CitiPhone helpdesk on 13 24 8413 24 84 or +61 2 8225 0615+61 2 8225 0615 if you are overseas.

Email scams

  • You may receive phishing emails that contain links or malicious attachments that could capture your details or harm your device. These emails seek to trick people into giving out personal details including banking details. They are designed to look legitimate and often contain a corporate logo.
  • Regularly visit our Latest Security Alerts section for information on scams targeting Citi customers or customers of other financial institutions.

Malicious software

  • Malware, or malicious software, is an intrusive program that fraudsters try to install on your computer or device. Malware, such as a virus or Trojan, can disrupt or slow down operation, gather personal and financial details, extract funds or perform other fraudulent activities under your name.
  • Malware is usually sent as an attachment to emails claiming to be from a trusted source, or disguised as genuine software.

Phishing over the phone

  • Phishing, traditionally where emails seek to trick people into disclosing their account or personal details, is now increasingly happening over the phone. Be particularly vigilant if you're asked to disclose any online banking sign in details SMS code sent to your mobile.
  • Protect your SMS code like you would a password or a PIN. Disclosing your SMS code contravenes our terms and conditions and may find you liable for any losses due to fraud on your account.

SMS phishing

  • Fraudsters can spoof the sender name so they may appear to be from a trusted source. These SMSs often use scare tactics and contain links to fake websites in an attempt to capture your passwords and other sensitive information.

Credit card fraud can occur when someone obtains your credit card details and uses them over the phone or on the Internet to make purchases in your name. You should always carefully check your statement each month to determine if there are charges for purchases you did not make.

Fraud can also occur when a person assumes your entire identity and obtains credit cards in your name.

If you suspect that fraud has occurred on your card, it's important to contact CitiPhone immediately on 13 24 8413 24 84 or +61 2 8225 0615+61 2 8225 0615 if you are overseas. We will assist you with stopping your card (as well as any other card affected) and investigating the fraudulent activity.

Citi related scam

Report all suspicious emails by forwarding them as an attachment to Citi - spoof@citicorp.com - for further investigation and action.

Non Citi related scam

Report any non Citi related scams to SCAMwatch an independent website run by the Australian Competition & Consumer Commission (ACCC).

SCAMwatch provides information to consumers and small businesses on how to recognise, avoid and report scams. Anything reported to SCAMwatch will be analysed and acted on by the ACCC.

Stay up to date

Register for Stay Smart Online Alert Service, a free Government-run service to alert you of new online threats as they are identified.

How we protect you

Our card deactivation feature allows you to immediately block your credit card in the event that you misplace it or it is stolen.

Learn how to deactivate your credit card

Our Two-Way SMS Alert service has been designed to help you keep your credit card purchases safe. It ensures a quick and easy two-way communication with Citi in the event of any suspicious activity being detected when making a purchase.

  • The Two-Way SMS alert service is set up for all Citi credit card holders. The service will immediately notify you of any transactions deemed to be suspicious and allow you to confirm by replying to our SMS:
    • Reply 1 to confirm the transaction as Genuine
    • Reply 2 to confirm the transaction as Fraud
  • An SMS will be sent from +61 488 952 484+61 488 952 484 containing the transaction information. We will not ask for any further information other than a reply of either "1" or "2". By replying to our SMS you can confirm whether the transaction we are asking about was made by you (SMS cost will be as per charges by your telecommunication provider)
  • To benefit from this service please ensure you have provided us with your current mobile phone number. Updating your contact details is easy at Citibank Online. Visit Citibank.com.au/updateme to watch our demonstration video.

The Citi One-Time PIN (OTP) adds to the security of your account when you are transacting online. All major transactions, including adding a payee will require an OTP to be completed.

You can receive an OTP as an SMS or generate one using the Mobile OTP function on the Citi Mobile® App. You will need to ensure your mobile number is up-to-date. Updating your contact details is easy at Citibank Online. Visit Citibank.com.au/updateme to watch our demonstration video.

Learn more about Citi OTP

The Online Authorisation Code (OAC) is a security feature of Citibank Online that provides you with added protection when you are adding a new payee. When adding a new payee, the OAC will be sent to your registered mobile phone number via SMS before you can transfer funds. Please ensure your mobile number is up-to-date. Updating your contact details is easy at Citibank Online. Visit Citibank.com.au/updateme to watch our demonstration video.

Citibank is committed to providing a secure banking environment for our customers. Citibank uses the latest technology and systems to deliver a range of security initiatives as part of an ongoing program to enhance the security of our online banking website.

  • The Citibank Online website is constantly monitored by dedicated personnel 24 hours a day who review the website to identify opportunities to enhance the site's security and to maintain all the internet banking services available for our customers.
  • A digital certificate (found by clicking on the Padlock Icon in the Status Bar at the foot of the page ) is used to verify the identity and authenticity of Citibank's websites.
  • Immediately upon signing in to Citibank Online, you will see the date and time of your last sign in. Contact CitiPhone immediately on 13 24 8413 24 84 (+61 2 8225 0615+61 2 8225 0615 if calling from overseas) if you notice a discrepancy in the date and time of your last sign in.
  • All communication sent from your computer to our secure systems is encrypted to ensure the confidentiality of all data sent and received.
  • Citibank customers are able to contact CitiPhone 24 hours a day, seven days a week for assistance with any queries. If you believe your account has been compromised in any way, call CitiPhone immediately on 13 24 8413 24 84 or +61 2 8225 0615+61 2 8225 0615 if calling from overseas.

How to protect yourself

Before signing in to Citibank Online

  • Protect your computer and information with some easy-to-use tools such as firewall programs, email filters, anti-virus software and spyware filters.
  • Review your account statements as soon as you receive them and notify Citibank immediately of any unauthorised transactions.
  • Always type www.citibank.com.au into your browser when signing on to Citibank Online.

While signed in to Citibank Online

  • Citi emails may contain links to the Citibank website. Please ensure the mail is from Citi prior to clicking on any links.
  • Before submitting information through a website, look for the "padlock" icon on your browser's status bar or that the website address starts with "https://" and not just "http://"- when such security details are present, your information is in a secured session
  • Misspelled words either in the email message or within the website may signal a potential scam
  • Always exit Citibank Online by clicking on the "sign-off" option, do not just close your browser
  • Report all suspicious emails by forwarding them as an attachment to Citi - spoof@citicorp.com - for further investigation and action
  • If you suspect your account has been compromised in any way, call CitiPhone immediately on 13 24 8413 24 84 (+61 2 8225 0615+61 2 8225 0615 if calling from overseas)

Customers should understand that Citibank will never send emails to customers to verify personal and/or account information.

It is important you disregard and report emails which:

  • Request any customer information - including your ATM PIN or account details. Therefore, customers should not reply to emails that request such information.
  • Advise you to contact a phone number to verify your card or account details. Always call CitiPhone on 13 24 8413 24 84 (+61 2 8225 0615+61 2 8225 0615 if calling from overseas).
  • Instructing you to login or apply for a product via a link in an email.

Beware of suspicious telephone calls.

  • Citibank won't contact you by phone with the offer of a preapproved credit card. If you receive a phone call from someone offering you a preapproved Citibank credit card - on the basis you supply them with personal information such as drivers licence, address details, income details - report it to the police or contact Citibank on 13 24 8413 24 84.

Be wary of scams

  • Use caution when receiving a phone call from someone claiming to be from a reputable organisation and consider what they are asking for. Never give them remote access to your computer. If in doubt, ask for a reference number and call back on a trusted number (i.e. from the phone book) to confirm the call was genuine. Visit Scam Watch for more info.

Regularly change passwords for everything online

  • We recommend setting a reminder to change them every couple of months.

Securely dispose of sensitive documents

  • Don't simply throw your bank documents, bills etc. in the bin. These should be shredded or destroyed.

Secure your mailbox

  • Use a padlock or PO box and report any missing mail to the relevant provider.

Be guarded with your social media accounts

  • Be familiar with your privacy settings and ensure you only share what you want with who you want. Consider hiding things like your date of birth, work information & contact details.

Protect your PIN

  • Keep your ATM PIN secure and never disclose it to anyone
  • Change your Citibank ATM PIN on a regular basis
  • Do not select an easily identifiable ATM PIN like 1111, 1234 or dates of birth
  • Never disclose your ATM PIN to anyone, not even to a Citibank representative
  • Install security software, turn on automatic updates and scan your computer regularly.
  • Keep your operating system updated.
  • Avoid using shared computers or devices as they may have malware that could compromise the security of your online activity.

Don't fall for SMS phishing

  • Fraudsters can spoof the sender name so they may appear to be from a trusted source. These SMSs often use scare tactics and contain links to fake websites in an attempt to capture your passwords and other sensitive information.

Keep your operating system and apps updated

  • Go to iTunes for Apple devices, Samsung or Google play store for Android devices and the Microsoft or Windows Phone Store for Windows devices.

Stay clear of unsafe or fake apps

  • Only download apps from official app stores and never from a link within an email or SMS.

Protect your device

  • Use a security app such as McAfee Multi Access.

Tighten your mobile service security

  • Call your mobile service provider and ask if they can add a keyword to your account and call them immediately if you notice unexpected or unusual service outages.

Use a passcode

  • Protect access to your mobile device particularly if you have apps linked to your credit card.

Credit cards are widely accepted in most countries so you don't need to carry as much cash. However, there are risks to using your card overseas such as card theft and skimming.

Learn more about travelling overseas
Online Banking Demo Videos
video close