Select Your Residential State
Please select your state
There are some errors on this page.
  • Please enter your state.
  • Product offerings may differ among geographic locations. By selecting your state of residence, you'll be shown the specific terms and rates that will apply to your new account.

    Please note: If you choose to cancel this process, you may be redirected to a page other than the one you requested.

    Mobile Fraud

    Text wisely, and safely.

    Before you respond to any text message, learn how to distinguish a genuine text from a "SMiShing" message that may have been sent by a scam artist.

    Mobile Fraud

    What is SMiShing?

    Named for SMS (Short Message Service), the technology used for cell phone text messaging, SMiShing messages appear to be from a legitimate company and typically contain a link that takes you to a spoof website or asks you to call a phone number. Even if you don't enter any information, selecting the link can lead to other problems, such as installing key logging software or dangerous viruses on your phone.

    How to spot SMiShing

    • Requests to renew your bank service — The message may say your banking web service has expired, and to renew it you need to select an enclosed link and visit your bank's website where you can update your account information.
    • Impending charge notices — The text usually states something to the effect that you will be charged a certain amount per day if you don't call to cancel.

    How to protect yourself

    • Avoid selecting links in unsolicited text messages — Instead, go directly to the company's website and fill out information there.
    • Don't respond to unknown numbers — If you miss a call on your mobile device or receive a text message from an unknown number, it's safer to ignore the call or delete the message. If you're suspicious about a banking phone number received via text message, you can always call the toll-free number on the back of your credit or debit card instead.
    • Set up blocking features — Check with your wireless phone company to see if they offer the option to block certain types of text messages.
    • Get on the Do Not Call List — Register your wireless number with the national Do Not Call List. Either sign up online at or call 1-888-382-1222.
    • Install software with discretion — Only install software from reputable companies or from providers you trust.

    Report SMiShing

    If you suspect that you’ve received a fraudulent text message, please forward it to us. After forwarding the text message, you should delete it from your device.

    • Forward suspicious texts to:
    • You may also want to forward it to the Federal Trade Commission at:
    • Or contact them at: , 1-877-IDTHEFT

    Think you've responded to a SMiShing text message by mistake?

    If you have already replied to a text message with personal information and now think the text was fraudulent, call us immediately at: 1-888-285-9696

    Did you know...

    • If you use Voice over Internet Protocol (VoIP)—such as Vonage® or SkypeTM—be on guard for calls that play a recording claiming your credit card or bank account has had unusual activity, and give you a phone number to call. This is called Vishing and is a type of Internet phone scam. When contacting Citi always use a trusted number, like the one on the back of your card. But remember, this threat is not dependent upon using VoIP. Any phone service can be used for this.
    • You should watch out for SMS (plain text) and MMS (multimedia) message headers that start with the number 19. If you respond to them, you'll be charged a premium rate that can leave you saddled with a huge cell phone bill.
    • Some mobile service providers in conjunction with anti-virus companies offer phone based anti-virus software designed to protect your phone.

    Spoof websites

    A spoof website is one that mimics a popular company's website to lure you into disclosing confidential information. To make spoof sites seem legitimate, thieves use the names, logos, graphics and even code of the real company's site. They can even fake the URL that appears in the address field at the top of your browser window and the padlock that appears in the lower right corner. The links in the spoof e-mails almost always take you to a spoof website.

    Key logging

    This is another method used to capture your personal information. Here's how it works. You click on a link to a website or open an attachment that secretly installs software on your computer. Once installed, it records everything you type, including any User IDs, Passwords and account or personal information. Thieves know how to retrieve this information, or even set it up to automatically have it sent back to them! This is a very real risk when using public or shared computers such as those in internet cafés.

    Think you're a victim of identity theft?
    (NY metro area)
    (other areas)

    Report a lost or stolen credit card.

    Report suspicious e-mails or phishing.