Staying safe online

Online fraud is the crime of our times. Every day, countless attempts are made to steal money and data from people and organizations around the world via digital means. Many of these attacks are increasingly sophisticated in nature. They often deploy bogus emails and websites that impersonate those of legitimate and trusted companies and other bodies, including banks, charities, governments and even the police. Without care, you can end up handing over personal data or transferring funds to the fraudsters.

In this environment, vigilance is essential. By taking the time to stop, think and make basic but important checks, you can lower the risk of falling victim to scams in cyberspace.

Keys to email security

Whenever you get an email, always ask yourself who it really comes from. The first step is to look closely at the sender’s email address. Fraudsters can mimic email addresses and send messages from domains which, at least at first glance, resemble a company's real e-mail address.

Especially if you are reading through your emails quickly on your mobile handset, you might easily mistake a fraudulent sender’s address such as “Privatebank@citti.com" for a legitimate one such as "Privatebank@citi.com". 

In addition to the email address, pay attention to the content of the email. Does it sound like something you’d expect to read from that sender? Poor spelling, dodgy grammar and shoddy layouts may be clues that something is not as it should be.

If in doubt, check it out!

With any email that you don’t trust that purports to be from us, you should contact your Citi representative to confirm its status. Never reply to an email, let alone supply sensitive information, without being completely sure who has sent it. Remember that a legitimate organization should never send emails asking for your passwords or PIN. 

Of course, cybercriminals know that they are likelier to fail if their victims proceed slowly and cautiously. For that reason, they try and induce a rapid response. A favorite trick is to alarm the victim by giving them notice of a suspended account facility or some other problem, which demands “urgent” resolution. To resolve the spurious issue, the victim is typically invited to “validate their account details,” which involves handing over passwords and other sensitive information to the criminals. Rather than responding hurriedly to such emails, you should treat them with great suspicion.

Never click on embedded links or open attachments from senders you do not know. These are often used to implant malicious software on your device, which can help cybercriminals obtain data that they can then abuse. Be extra cautious when using mobile devices, as these can be less well protected. When verifying a suspicious email, don’t use any contact details supplied within that email, be it a phone number or email address. Instead, use details from a source you know to be genuine.

In the unfortunate event that you believe you may have fallen victim, report it to the genuine institution and the authorities immediately. To raise the alarm, always look up the contact details of the institution in question yourself, rather than using what appears in the suspect email.

Maintaining vigilance

Like bogus emails, fraudulent websites can look like the real thing. But the devil may be lurking in the detail. So, always take a close look at the domain name of the website that you see in front you. Poor English and layout are red flags, as in the case of emails.

When looking for reliable information about pressing issues such as COVID-19, seek out trusted sources of information, such as government websites. There have been numerous cases of fraudsters offering bogus information about the pandemic in order to lure people into clicking unknown links in emails, in text messages or on the internet.

If you think you may have fallen victim to any scam, always report it immediately because fraudsters will make extremely fast use of your stolen data.

EUROPOL (The EU Agency for Law Enforcement Cooperation) publishes useful information on cyber safety in its Public Awareness and Prevention Guides pages.