ONLINE BANKING SECURITY

Online Security Tips.

Your online protection.

Online Security Tips by Citibank IPB

At Citibank, we constantly update our security technology to protect your privacy and confidentiality. It is important that you take the necessary measures to safeguard yourself.

Here are some of the security features and tips customers should be aware while ensuring a pleasant and secure online banking experience.

Safeguard yourself while banking online

When accessing Citibank Online, always look out for the padlock symbol for your browser to ensure that the website has a valid certificate marked to Citigroup Inc. [US].

link
HOW TO PROTECT YOURSELF WHILE BANKING ONLINE
secure

When accessing Citibank Online, always check that the www.ipb.citibank.com.sg website has a valid certificate marked to Citigroup Inc. [US]. We recommend that you enter the bank's address (www.ipb.citibank.com.sg) in your browser URL field to access and login to your account.

link
secure Never provide the One-Time PIN (OTP) that is sent to your mobile phone to anyone, including people claiming to be from Citibank.
secure Always check SMS alerts from Citibank for any unauthorised transaction in particular, any unauthorised registration of Citi Mobile® Token or unauthorised addition of new payee via Citibank Online.
secure Ensure that your contact number and email address are always updated, so that we can send you alerts that may prevent fraudulent activity.
Security Alert

Mobile Malware

New variants of mobile malware targeting Android smartphones continue to appear in the Asia-Pacific region. These malicious apps often target mobile banking apps, and may attempt to steal customer credentials and perform fraudulent transactions.

In some cases, the mobile malware will attempt to circumvent the additional layer of security provided by One Time PINs (OTPs) by intercepting text messages (SMSs) or generating a fake dialogue inside the mobile banking app in order to trick a user.

Citi recommends customers remain alert for malware threats and review our Online Security Tips. Specifically, Citi suggests that all mobile users consider:

  • Only installing applications from trusted and official sources
  • Installing a reputable mobile antivirus application
  • Keeping mobile device software up-to-date
  • Being aware of the heightened risks associated with 'rooted' or 'jailbroken' devices
  • Not following any links or instructions provided from unknown or suspicious sources.

Customers who notice unusual behavior in their online banking session should immediately terminate the online banking session and contact Citi’s 24-hour Citiphone on (65) 6224 5757.


Security Alert: TINBA Malware

A new variant of the TINBA malware is targeting banks in Singapore. This malware, when installed on the victim’s PC, steals online banking credentials via fake messages and fake web pages that ask for personal information.

Citi recommends customers remain alert for malware threats and consider the following tips:

  • Malware often arrives on your PC in an email attachment. You should never open an attachment from someone you don’t know or if an email looks suspicious.
  • Malicious websites can install malware on your PC when you visit them. Never open links to webpages that you don’t recognize or that are sent from people you don’t know.
  • Install anti-virus software and make sure it is kept up to date. Anti-virus software should be configured to check for updates at least once per day.
  • Keep your PC operating system up to date.

Customers who notice unusual behavior in their online banking session should immediately terminate the online banking session and contact Citi’s 24-hour Citiphone on (65) 6224 5757.


Security alert: DYRE malware

Variants of the DYRE malware continue to target online banking customers worldwide.

DYRE, also known as Dryeza, is a malicious program used by cybercriminals to steal online banking credentials and perform fraudulent transactions. Dyre is usually spread by phishing emails containing attachments or hyperlinks that, once opened, can exploit your computer’s existing security flaws to install the malware. Once installed, DYRE can redirect websites through servers operated by criminals, allowing them to capture and alter data in real time.

Signs of a DYRE infection include:

  • Repeated requests for User ID, Password and/or One-Time PIN (OTP)
  • Changes in the appearance or procedures of online banking
  • Delays and persistent "loading" screens.

Citi recommends customers remain alert for malware threats and review our Online Security Tips.

Customers who notice unusual behavior in their online banking session should immediately terminate the online banking session and contact Citi’s 24-hour Citiphone on (65) 6224 5757.


Security alert: POODLE

A security vulnerability known as "POODLE" (Padding Oracle On Downgraded Legacy Encryption) has been discovered on the SSL3 (Secure Sockets Layer v3) used by old versions of web browsers such as Internet Explorer 6 on Microsoft XP.

SSL is used to establish an encrypted link between a website and a web browser (such as Internet Explorer) to keep the customer's credentials and transactions secure.

In view of this vulnerability, we will not be supporting older versions of web browsers as of 11th January 2015.

We recommend customers to refer to the Supported Browsers and Roles and Responsibility for steps to ensure a safe and secure online banking experience.

Features
Roles and Responsibility
Fraud
Supported Browsers
Reporting
  • The Global Online Account for global citizens.
  • Citi mobile® the way to bank