What is a spoof?
Spoof e-mails (also known as phishing or hoax e-mails) appear to be from well-known companies. To bait you, an e-mail may say there's an urgent situation concerning your account, then ask you to click a link back to a spoof website to provide personal information.
Even if you don't supply any information, just selecting the link may enable thieves to access your computer, record your keystrokes, and capture your passwords.
Also, beware of spoof web forms that ask you to provide confidential information that a legitimate company would not ask the customer to enter for a particular transaction.
How to spot a spoof
- Sense of urgency — Messages claim your account will be closed or temporarily suspended, and warn you'll be charged if you don't respond.
- Spelling errors — There may be obvious spelling errors, which help spoof e-mails avoid spam filters.
Our e-mail security practices
What we do:
- Include an "E-mail Security Zone" with your first and last name, and either the last 4 digits on your ATM/Debit or Credit Card or the last 4 digits of your specified bank account number. See how it looks
- Send you e-mails with links to features such as online tours and information or promotions about Citi products. These links are only for convenience and you can always type in our URL directly.
- Notify you by e-mail when there's a message waiting for you in your
secure online inbox.
How to protect yourself
- Go directly there — The best way to get to any site is to type its address (URL) into your browser and then bookmark it.
- Set up a login cookie — Some sites like Citibank.com let your computer remember your User ID. This way, when you return to the site from an e-mail to sign on, your User ID will be visible in the sign on box. A spoof, or fake, website will not be able to display your User ID. (Never use the Remember Me feature on a public or shared computer.)
Report a spoof
If you suspect that you've received a fraudulent e-mail message, please forward it to us. Don't change or retype the subject line, as this makes it more difficult to properly investigate. After forwarding the e-mail, you should delete it from your inbox.
- Forward suspicious e-mails to: email@example.com
- You may also want to forward it to the Federal Trade Commission at: firstname.lastname@example.org
- Or contact them at: www.consumer.gov/idtheft , 1-877-IDTHEFT
Think you've responded to a spoof e-mail by mistake?
If you have already replied to an e-mail with personal information and now think the e-mail was fraudulent, call us immediately at: 1-888-285-9696