Security Alerts and Information
Clients may check this page regularly for the latest security alerts and/or news. If you are unsure whether any call, email or SMS is genuinely from Citibank, please contact us immediately and refrain from taking any further action. Whilst Citibank strives to provide you with the latest security alerts and/or news, please note that this webpage and the examples of scams/phishing listed here are not exhaustive.
Loan Scam
Date: 19th October 2020
We have been alerted of customers receiving unsolicited text messages from unlicensed moneylenders offering loan and loan services.
The message may purport to be sending from "Citibank" or other financial institutions to convince you that they are legitimate. Victims were instructed to transfer monies to the fraudster as a deposit before the loan can be disbursed. After the victims have transferred the monies, the victims find that the fraudsters are no longer contactable.
Examples of loan scam messages
What you should do
Ignore the message
|
Block and report the numbers on the platform where you received the message
|
For more information, you may refer to www.scamalert.sg.
Social Media and E-Commerce Scams
Date: 18th September 2020
There has been an increase in phishing scams cases involving emails and text messages since January 2020.
Victims of such phishing scams received emails or text messages by scammers impersonating entities the victims know or trust, such as banks, government agencies, trade unions, or companies such as Netflix, PayPal and DHL. These emails and text messages make fake offers or claims to trick recipients into clicking on an URL link. Such fake offers or claims include outstanding payment for parcel delivery, disruptions to services or subscriptions, refunds, or promotions. Upon clicking on the URL links, victims will be redirected to fraudulent websites where they are tricked into providing their credit/debit card details and One-Time PIN (OTP). Victims only realised that they have been scammed when they discovered unauthorised transactions made using their credit/debit card.
Impersonation Scam
Scammers will impersonate the victim’s friends or followers on social media like Facebook or Instagram using
spoofed or compromised accounts and reach out to the victims. The scammers will ask the victims for their
contact numbers, images of their credit/debit cards and One-Time PIN (OTP) on the pretext of signing them
up for fake lucky draws or promotions on online shopping platforms.
What does it look like?
Below is the typical flow of a social media impersonation scam
An impersonator poses as someone you
know/follow on your social media (e.g. Facebook or
Instagram) and sends you a personal message.
|
The impersonator claims to have lost
his/her contact list, asks for personal details such
as your mobile phone number to sign you up for
contests or promotion campaigns on
e-commerce sites.
|
The impersonator then claims that you have won a
lucky draw and asks for your credit card details and
OTP in order for him/her to credit the cash prize.
|
You later discover that the impersonator has made
unauthorised fraudulent transactions from your bank
account or mobile wallet without your consent.
|
What should you look out for?
|
Contact claiming to be someone you know sends you a personal message
asking for your mobile phone number and credit card details to sign you
up for contests or promotion campaigns on an online shopping platform.
|
|
Contact claims that you have won a lucky draw and asks for your credit
card details in order to credit the cash prize to you.
|
|
Contact asks for the OTP sent to your mobile phone number. |
|
Social media account impersonating your existing contacts sends new
friend/follower request to you.
|
E-Commerce Scam
Scammers will tout a good deal for a gadget, amusement park or concert tickets online, usually pricing these
way below market-price and for a limited time period. Victims lured by the attractiveness of the offer will
transfer payment to the “seller” who promises to deliver the item which never arrives.
What does it look like?
Below is the typical flow of an e-commerce scam:
An advertisement shows up on your social media (e.g. Facebook or Instagram)
selling a product at an attractive price over a flash
deal ending in an hour.
|
You visit the “seller’s” social media account page
and follow the URL linking to their “official”
webpage. Positive comments from buyers make
you think that the “seller” is legitimate.
|
You hastily decide to make the purchase before the
flash sale ends and follow the instructions on the
webpage to key in your credit card details.
|
You receive a confirmation email with the “seller”
requiring an additional delivery fee before sending
out the product. You are promised delivery within
3 weeks from the purchase.
|
You do not receive the product and attempt to
contact the “seller”. However, there are no
responses given once your payment transaction has
gone through.
|
What should you look out for?
|
Advertisements on your social media show deals from e-commerce that are way
below market-price, disguised as limited-time-only or flash deals.
|
|
Lack of information on the products or unstated terms and conditions.
|
|
Reviews/comments on the product that are only positive. |
|
Seller:
-
requires additional delivery fee before product can be sent out.
-
requests for conversations to be taken off shopping platform.
-
insists on bank transfers instead of using the platform's payment options.
|
How to protect yourself against social media scams:
ALWAYS
-
Verify the social media account’s legitimacy by
checking with your contacts offline, e.g.
contacting them via their mobile phone number.
-
Verify the website URL’s legitimacy.
-
Insist on cash-on delivery where possible, or use
the platform’s secure payment option.
|
NEVER
-
Disclose your personal particulars, OTPs and
banking and credit card details to anyone,
including family and friends.
-
Act hastily upon seeing a flash deal. Always
confirm the source.
-
Agree to private bank transfers to sellers before
delivery.
|
Impersonation and Technical Support Scam
Date: 24th July 2020
In the first 3 months of 2020, at least S$41.3 million were lost to scammers, based on cases that were reported to the Singapore Police.
As of 5 June 2020, it was reported in the news that more than S$7 million has been lost to scammers who were posing as technical support staff from January to April 2020, an increase of more than 40 times from the same period in 2019.
We would like to remind our customers to be wary of phone calls or SMSes claiming to be from banks, government agencies, courier or telco companies or any technical support teams requesting for you to provide them with your banking or log in credentials, perform funds transfers or asking you to update your information with them.
These calls/SMSes prey on your fears by making you think that your data/accounts have been compromised or that there are illegal activities linked to you, your account or your IP address.
In these calls:
The fraudster may deceive you
into revealing your banking or
login credentials such as
Username, Password, One-Time
PIN ("OTP") and/or Transaction
Authorisation Code ("TAC"). The
fraudster may claim that he/she
need the information to assist in
investigations but this is all part
of the ruse.
The fraudster may trick you into
performing a funds transfer from
your account to foreign bank
accounts.
The fraudster usually works with
other persons purporting to be
from government/law
enforcement agencies in
Singapore or overseas to try to
lull you into a sense of
confidence.
We set out below, a step-by-step flow of the latest impersonation and technical support scams that have been reported.
Please take some time to read this and share with your family and loved ones.
Here is a typical flow of impersonation scam:
Customer receives a call from
someone claiming to be from a
Bank/Telco/Government
agency/ Courier company,
informing him/her that his/her
internet account has been
hacked and used for illegal
activities.
The call is then transferred to
a Police/Interpol/Cybercrime
police etc.
Customer is advised by the
impersonator to download a
screen sharing software and
then log in to his/her Citi
account during the screen
sharing, in order to catch the
fictitious hacker.
During screen sharing,
impersonator is able to see
customer’s User ID, Password
and One-time PIN (OTP). Impersonator
then the OTP to download
Citi Mobile® Token, a payee and fund transfer or advises customer to add payee and perform fund transfer to the payee.
Customer is told to ignore all
SMS alerts from Citi as that
is the bank’s practice. Any
amount transferred will be
refunded to him/her as it is used
as a “bait” to catch the hacker.
The impersonator will assure
the customer that the money will
be returned the customer.
When customer tries to call the
impersonator to check on the return
of funds, the impersonator is uncontactable.
Monies would have already
been transferred out of his/her
banking accounts.
Below is a typical flow of a technical support scam.
Customer experiences a technical fault on his/her device and a technical support hotline
(e.g. from Microsoft) pops up on his/her screen. Customer proceeds to call the hotline.
Someone claiming to be from the customer support team answers and walks customer
through the steps of installing a screen sharing software (e.g. the Ultraviewer), in order to
recover his/her device.
Scammer will be able to see the User ID/Password & OTP and use the information to
enable customer's Citi Mobile® Token and add payee and transfer funds out of customer's
banking accounts.
Customer will be asked to submit his/her personal particluars in order to process the documents for the
enhanced security protocols. Customer will be assured that his accounts are safe and told
to ignore all SMS alerts from the bank.
When customer terminates the line and disconnects his/her devices from the network,
monies had already been debited from his/her banking accounts.
Customers are reminded to exercise caution at all times.
Take note of the following important pointers:
Impersonators may use Caller ID spoofing
technology to mask their actual number and
instead display a name/number one that
purports to be from a
Bank/Telco/Government agency/Courier
company.
No government agency will request for your
personal and banking details, or request for you
to transfer money over the phone or through
automated voice machines.
Do not act under the instructions of anyone
suspicious.
Always verify the identity of the caller. You can
do so by calling the official contact number of
the relevant entity. Do not assume that the
caller is genuine.
Do not give out any personal and banking information
(i.e. User ID, password or OTP) to anyone.
Treat them like your ATM PIN.
Customer Advisory – 3rd Party Mobile Applications / Websites
Date: 24th April 2019
Description: Do not use 3rd Party Mobile Applications / Websites for viewing Online Banking Details
We are aware that there are 3rd Party Mobile Applications / Websites that allow customers to have a consolidated view of their financial expenses / transactions across multiple banks, credit card, investments, equity trades, and loan accounts in one place.
Citibank would like to remind our customers not to download any 3rd Party Mobile Applications / Websites to view / access your Citibank Online accounts. There is a potential risk of your online banking credentials being compromised as Username and Password has been shared with the application.
To protect yourself, always exercise the following precautions:
- Do not download any 3rd Party Mobile Applications to view your online banking details.
- Do not input your Citibank Online Username and Password when requested by such applications / websites.
- If already inputted, immediately change Username and Password.
Use of Citibank Online is personal to you and no third party should be allowed to access/view your account/account information via Citibank Online, whether or not you have consented to such third party’s access. This is to prevent any unauthorized access or use of your account and account information. You are responsible for keeping any of your log-in credentials (including User ID and Password) confidential and you cannot reveal your log-in credentials to any third party.
Where you have revealed your log-in credentials to a third party, please note that Citibank is not liable for and you have to compensate us for any losses arising out of any use of your log-in credentials. In such an event, we also have the right, from a risk management perspective, to suspend your access to Citibank Online at any time.
Citi Email Addresses
Date: 14th April 2019
Description: Please note that we will send you email notifications from the following Citibank email addresses.
Email Addresses |
alerts@info.ipb.citibank.com.sg |
statements@info.ipb.citibank.com.sg |
advices@info.ipb.citibank.com.sg |
welcome@info.ipb.citibank.com.sg |
marketing@info.ipb.citibank.com.sg |
services@info.ipb.citibank.com.sg |
customerservice@info.ipb.citibank.com.sg |
Customer Advisory
Date: 5th September 2018
Description: Be alert to emails and SMS scams.
We would like to remind our customers to remain vigilant when responding to emails and SMS messages from senders masquerading as popular brands, often requesting for you to:
- Complete a survey or a quiz, with the promise of cash prizes, loyalty points or air miles.
- Provide your card number, in order to participate in the survey or quiz.
- Provide your mobile phone number.
As a further tactic to convince victims of the authenticity of these scams, a One-Time Pin (OTP) will be sent to the mobile phone number that you've just provided. Unfortunately, with the successful solicitation of this information, the scammer would have gathered the necessary details to perform unauthorized transactions on your Citi Cards.
To protect yourself, always exercise the following precautions:
- When clicking on a link from an email, always check that the internet address that you are directed to is legitimate by verifying it in the web browser. If you're unsure, please check this with the brand or merchant.
- Never disclose your card numbers on merchant websites that have internet addresses that look incorrect.
- Check if the web browser displays a Locked Padlock icon. Reputable sites would have these.
- Never disclose your OTP to websites that you might be unfamiliar with.
- Always check your account statements regularly to detect any unauthorized transactions. For a real-time view of your transactions, login to the Citi Mobile® App.
Phishing Emails
Date: 7th August 2018
Description: We have detected phishing emails and webpages targeting Citi customers. These phishing emails comes from a non-Citi email address and requests Citi customers click on a hyperlink to unlock / update their online banking / credit card account.
If a customer falls victim to the phishing email and clicks on the hyperlink, they will be redirected to a page URL that is not official Citi website, requesting for a user's information (Username and Password), followed by a request to provide an SMS OTP. Such websites are used to conduct card not present transactions but may also be utilized in order to steal personally identifiable data, username-password combinations, OTPs or infect a user's device as well as fraudulent enrollment of Citi © Mobile Token (which may be used to carry out payments to these fraudsters).
How can you protect yourself from this?
- Be alert. Minimize clicking on links in emails as these may not be legitimate.
- Check that you are using the official Citi website. Always type the Citibank Online website URL directly into the address bar of your browser. If you are on mobile, consider using the official Citibank Mobile application.
- Citi will never request for your PIN, password or OTP through phone call, email or SMS. Call Citiphone immediately if you notice unknown transactions appearing on your account.






Customer Advisory
Date: 20th July 2018
Description: A group of healthcare institutions has reported a data breach affecting more than 1.5 million patients. Patient data stolen included personally identifiable information such as names, addresses, birthdays, and national identification numbers. Approximately 160,000 patients had details of medical prescriptions stolen. Stolen credentials may be used to conduct social engineering and phishing scams. Such scams utilize personally identifiable information to appear legitimate.
How can you protect yourself from this?
- Be alert. Do not provide personal or bank information to unsolicited callers.
- Never give out any sensitive personal information (including login passwords or one-time passwords) over the phone or via email. Our staff will never ask you for such information.
- Contact Citiphone immediately if you are in any doubt of a call, SMS or email's validity.
SMS Phishing
Date: 20th May 2018
Description: We have detected multiple Phishing Emails. The sender email addresses varies from those ending with @gmail.com, @hotmail.com, @yahoo.com, etc. They contain messages including the requirement to update account details due to system maintenance or "New Message from Citibank". A hyperlink that purports to be a Citibank hyperlink (but is not) is also included in the message and takes customer to URLs that does not belong to official Citibank. The site has the same look and feel of that of Citibank Online. Such websites are designed to trick users into providing their online banking and credit card details to conduct fraudulent / unauthorized bank transfers and / or credit card transactions. Credit Card details provided could also be used to enroll for Payment Wallets such as Samsung Pay, Android Pay, Google Pay and Apple Pay.
How can you protect yourself from this?
- Be alert. Minimize clicking on links in SMSs as these may not be legitimate.
- Check that you are using the official Citi website. Always type the Citibank Online website URL directly into the address bar of your browser. If you are on mobile, consider using the official Citibank Mobile application.
- Never reply to unsolicited SMSs. Responses to such SMSs could be used by fraudsters to socially engineer information or trick users into performing unwanted actions.
- Only provide your credit card details if you're making a direct purchase. Always check that you intend to conduct a credit card transaction and do not provide an OTP to authorize payment if you are not.
- Citi will never request for your PIN, password or OTP through phone call, email or SMS. Call Citiphone immediately if you notice unknown transactions appearing on your account.




Protect Yourself from Fraud
Here are few types of fraud and the preventive steps that you can take to prevent yourself from becoming a victim.
Impersonation Scam
Impersonation scams are calls from people claiming to be government officials or staff members of any agency asking for personal details. Callers may claim your identity was used for suspicious activity and may intimidate you into giving them personal information such as your passport, bank account number, internet banking credentials or One-Time PIN (OTP).
How to protect yourself against impersonation scams:

Do not follow the caller’s instructions, including allowing remote access to your electronic or mobile devices. In some cases, scammers may threaten you not to talk to anyone about your situation so that you are unable to verify if it is a scam.
|

Do not disclose your banking or card credentials and One-Time PIN (OTP), and do not lend your ATM/ Credit Card/ Hardware Token to anyone.
|

Read carefully the content of any OTP received and never disclose your OTP to anyone over the phone or to unfamiliar websites.
|

Always review any SMS or email notifications from Citibank relating to your account and report any unauthorised transactions to Citibank immediately.
|
Phishing
Phishing emails, also known as hoax or spoof emails, are fraudulent emails that appear to be sent from a trusted source but are in fact, designed to trick you into revealing valuable data such as your User ID, password, card details and One-Time Pin (OTP).

Be aware of emails claiming to be Citi

- Always check the sender's email address.
- Remember that Citi will never ask you to confirm a payment or transaction via email.
- If in doubt, don't click the link and report to Citi's fraud reporting service.

Be aware of websites imitating Citi


Never enter your details into website unless you see the padlock icon + address

- Ensure that the padlock icon is displayed on the internet browser address bar.
- Your internet browser address bar should always display "https" instead of "http" when banking with Citi online.
SMiShing
SMiShing messages appear to be from a legitimate company and typically contain a link that takes you to a spoof website, or it may ask you to call a phone number. Even if you don't enter any information, clicking the link can lead to other problems, such as installing malicious software or dangerous viruses to your phone.
HOW TO RECOGNISE SMS FRAUD

You may receive an SMS from a fraudster posing as Citibank, requesting you to share personal information, such as account or card details.

In most cases you will be directed to a fraudulent lookalike website that requests you to enter your:
- Card details
- Name & Address
- User ID & Password
- One-Time PIN (OTP)

Fraudsters can utilise your details to make immediate purchases or fund transfers.
Security Tips
- Remove file and printer sharing when your computer is connected to the Internet.
- Regularly backup critical data and encrypt these data with minimal 128-bit encryption.
- Delete junk or chain emails.
Keep Your Card Safe At All Times
Here are some tips on how you can keep your card safe from fraudulent activities.
To learn more on how you can protect yourself online, click here
Authenticity of Citibank Website
Only login by typing Citibank's Website 'http://www.ipb.citibank.com.sg' onto your web browser. Always ensure that you are on a secure website before submitting your information via your web browser. To ensure you are on a secure website,
- Check the beginning of the Web address in your browser's address field - it will be "https://" rather than "http://".
-
Secure websites will also contain a padlock icon on the status bar at the top of the browser. Double-click to view details of the security certificate, which is issued to Citibank.
To verify that the website is authentic, check for the following details:
- The certificate is issued to www.ipb.citibank.com.sg
- The certificate is issued by Verisign.
- The certificate has a valid date.
-
Even if you see "https://..." and a warning is shown that the SSL Certificate does not belong to Citibank, you must terminate the session immediately and contact our 24-Hour CitiPhone Banking at (65) 6224 5757 to report the incident.
-
All data sent to and from Citibank is "scrambled" and "reassembled" between Citibank and your personal computer using 128-bit encryption, the highest level of encryption commercially available.
Right-click on the page > Select Properties
URL: https://www.ipb.citibank.com.sg/SGIPB/
JSO/signon/DisplayUsernameSignon.do?locale=en_SG
Connection: TLS 1.0, RC4 with 128 bit encryption (High); RSA with 2048 bit exchange
-
When accessing Citibank Online, always check that the www.ipb.citibank.com.sg website has a valid certificate marked to Citigroup Inc. [US]. We recommend that you enter the bank's address (www.ipb.citibank.com.sg) in your browser URL field to access and login to your account.
About Fraud
Citibank is committed to keeping your credit card, Ready Credit and banking accounts (“accounts”) safe and secure 24 hours a day, 7 days a week.
We are pleased to present a 2 Way SMS service that allows us to alert you of any suspicious transaction on your account. If you receive such an SMS from us, you should inform us if the transaction is authorised by you or not by following the relevant instructions in the SMS.
How it works:
- A suspicious transaction is detected on one of your accounts.
- Citibank sends an SMS to your registered mobile number alerting you to the transaction and requesting for your reply to the SMS. The SMS from Citibank will be sent from the number 72484 or +65 9657 2484.
- You should reply to the SMS with “1” if the transaction is authorised by you or “2” if the transaction is not authorised by you.
Please note:
- You will receive the SMS from the number 72484 if your registered mobile is a Singapore number and +65 9657 2484 if it is not a Singapore number.
- We will not ask for any additional information to be provided other than “1” or “2”.
- If you are overseas, please send your reply to +65 9657 2484.
- It is important that we have your updated mobile number so that you can receive these alerts relating to your accounts.
If your credit card, ATM card or debit card is lost or stolen or if the PIN is compromised, it is important that you report the loss or theft or disclosure to us immediately so that we can prevent further transactions to the relevant account. To report the loss or theft or disclosure to Citibank, please call +65 6224 5757.
Your banking security is our utmost priority - which is why we constantly update our technology to protect your money, personal information and privacy. To protect yourself from suspicious emails that you may potentially encounter, you should understand what they are, how to identify them and how to avoid them.
-
Phishing occurs when fraudsters pose as trusted organizations and frequently send out fraudulent emails/instant messages to random email addresses and phone users. They also collect details from public websites where people post personal information and use this information to create customized fraudulent communications that appear legitimate.
-
Phishing or hoax emails tend to:
- Claim to be from a well-known company
- Mention that something is urgent or threatening to your account
- Request you to access a link to update or confirm your confidential information
-
- Be aware that Citibank will NOT email you for any confidential information
- Do not respond to any suspicious emails from unknown sender
- Do not click on embedded hyperlinks or open attachments in emails or SMS messages from unknown or suspicious sources
- Never reveal your User ID, passwords/OTP or account information to anyone
-
- Change your passwords or PINs on all your potentially affected online accounts
- If you think you have received a phishing email purporting to have come from Citibank, forward the entire email as an attachment to 'spoof@citicorp.com'
Phishing occurs when fraudsters pose as trusted organizations and send out thousands of fraudulent emails to random email addresses.
These emails usually contain a link to a look-alike website to mislead customers into entering sensitive financial information such as their account number and PIN. This will enable the fraudsters to capture the customer's account information to access the customer's bank accounts. Here is an example of what a phishing email might look like:
- If you suspect you've been sent a fraudulent email, contact our 24-Hour CitiPhone Banking at (65) 6224 5757 immediately or send us a secure mail after you sign on to Citibank Online.
- Do not input any sensitive information that might help provide access to your accounts, even if the website appears legitimate.
- Remember, Citibank will never send emails to customers to verify confidential, personal or account information.
How to Recognize and Avoid Spear Phishing
Recent headline-making breaches at major companies have underscored the importance of protecting your information from cyber criminals.
Cyber criminals use a variety of techniques to gain access to sensitive information or install malicious software. One of their most common techniques is “spear phishing".
PHISHING is the use of fraudulent emails to trick the recipient into revealing information or clicking on an infected link. SPEAR PHISHING is phishing that uses personalized or customized details to make the fraud seem even more legitimate to the targeted recipient. SMS PHISHING or SMISHING uses SMS to target recipients with phishing messages that contain hyperlinks.
How Spear Phishing Works
Cyber criminals collect details from various public websites where people post personal information, including blogs and social networking sites. Using this information, criminals create customized fraudulent communications that appear legitimate and send them to groups of people.
These emails appear to come from a known person or organisation and usually contain embedded hyperlinks. If recipients click on these hyperlinks, they are either brought to a fraudulent website which looks like the company’s legitimate website where additional personal or account information is collected; or malicious code is downloaded onto their computer.
How to Recognize Spear Phishing
- The email or SMS may come from an unknown sender.
- There may be a sense of urgency, eg Your account will be closed or temporarily suspended or you will be charged a fee if you do not respond.
- There may be obvious spelling errors. These errors enable phishing emails to avoid the spam filters that internet service providers use.
- Use the “hover” test before clicking on any hyperlinks in
emails: place your mouse pointer on the hyperlink without clicking. A small box will appear that displays the underlying destination to which you will be taken; if the two addresses do not agree, do NOT click the hyperlink.
How to Protect Yourself Against Spear Phishing
- Be suspicious of emails from unknown senders.
- Do not click on embedded hyperlinks or open attachments in emails from senders you do not know.
- Even if a message appears to be from Citibank, do not click on any links provided in the email. Instead, independently navigate to Citibank’s website or call Citiphone to determine if any action is needed.
- Do not provide personal information on unfamiliar websites or when posting information on social networking sites or discussion forums.
Customers should understand that Citibank will never send emails to customers to verify confidential, personal or account information. If you think you have received a phishing email purporting to have come from Citibank, forward the entire email as an attachment to spoof@citicorp.com and contact Citiphone immediately.
Pretext calling is defined as a deceptive means of obtaining personal information and unauthorised disclosure of customer financial information. Fraudsters may pretend as bank officers to obtain your account number or credit card number and other information required. Upon obtaining such information, the fraudsters may call your bank posing as you, using the information stolen to take over your identity in order to perform transactions using your account.
Another form of pretext calling is when fraudsters request victims to confirm transactions that were purportedly made on victims’ credit cards. When victims inform fraudsters that they do not have such credit cards, the victims are provided with a fake Bank Negara Malaysia telephone number in order to lodge a report. Upon calling, the fraudsters will request for victims’ personal information which will subsequently be used for fraudulent activities.
Be aware that Citibank Singapore Ltd will never request for your personal or financial information through SMS or telephone calls and will never ask anyone to transfer money to any third party account.
- Monitor and pay attention to your regular credit card and bank statements to ensure your transactions are accurate.
- Do not share personal information, such as account numbers, passwords, National Registration Identity Card (NRIC) number and other personal information over the telephone, email, SMS or internet, unless you know who you are dealing with.
- Store your personal information in a safe place and shred your old credit card receipts, ATM receipts, old account statements, and any other correspondences prior to disposing them.
Pharming is a scamming practice in which a malicious code is installed on a personal computer or server, misdirecting users to fraudulent websites without their knowledge or consent. Pharming can be conducted either by changing the host file on a victim's computer by exploitation of a vulnerability in DNS server software.
- If you access websites which requires your personal information, ensure the website address has a https:// in its URL.
Keylogging is a form of online fraud where the keys inputted on a keyboard is captured, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.
- Using One-Time PIN (OTP) is keylogger safe as each PIN is invalidated as soon as it is used.
- Install anti-spyware applications which are able to detect and disable/cleanse keylogging softwares.
Keylogging on ATM has been known as overlaying a keyboard ATMs pinpad to capture people's PINs. The device is designed to look like an integrated part of the ATM so that bank customers are unaware of its presence
- Citibank only uses certified encrypting pin pad for all the ATMs
- If you notice any "unauthorized" devices or objects fixed to the ATM, do not use the ATM machine and report it immediately to our 24-Hour CitiPhone Banking.
- If you notice anything strange at the ATM, leave immediately. If you have already started a transaction, cancel it and leave immediately.
Keylogging on mobile phone has been known in the market for a number of years. The main purpose of such spyware is to capture and transmit information including email, sms and keystrokes on the cell phone without the user of the phone being aware of it.
- Think before downloading applications. Review the privacy policy and understand what data (location, access to your social networks) an application can access on your device before you download it.
- If you did not expect any message or connection attempt to your mobile device, take precaution by declining the connection as this may be an attempt to send a malicious program to your mobile device. Always decline such attempts in connection when in doubt.
- Avoid downloading Citibank Mobile application from any site unless it is from Apple App Store and Google Play sites.
SMS spoofing uses the short message service (SMS) to set who the message appears to come from by replacing the originating mobile number (sender ID) with alphanumeric text. Spoofing has both legitimate uses (setting the company name from which the message is being sent, setting your own mobile number, or a product name) and illegitimate uses (such as impersonating another person, company or product).
- If you suspect any SMS spoofing, you should notify Citibank immediately by calling our 24-Hour CitiPhone Banking at (65) 6224 5757. Remember, Citibank will never request for your personal details via SMS.
- Be alert and watch out for any suspicious persons or activities around the ATM. Be alert of anyone loitering in close proximity to or even at a distance from the ATM location.
- Never lend your ATM card to anyone.
- If you notice any "unauthorized" devices or objects fixed to the ATM, do not use the ATM machine and report it immediately to our 24-Hour CitiPhone Banking.
- Do not accept any offers of assistance with the ATM from strangers. If you need help, use the phone located at the ATM machines to contact our 24-Hour CitiPhone Banking for help.
- If you withdraw cash, put it away immediately. Do not count it at the ATM machine.
- When leaving an ATM location make sure you are not being followed by anyone. Drive immediately to a police station, crowded area or well-lighted location if you are being followed.
- Apply ATM cards for accounts used regularly only.
- Do not apply for an ATM card if there is no requirement to access the account often.
- Keep minimal amount of money in the accounts that are linked to the ATM cards.
- Minimize the chances of falling victim to ATM card fraud.
- When choosing a PIN, don't use common numbers like the last six digits of your IC or your date of birth.
- Once you have chosen a PIN, memorize it, never write it down on anything that you carry with you, including the back of your card.
- Get used to using the same ATM for your transactions. When you are familiar with it you will be able to recognize changes to it.
- Be alert and vigilant when conducting transactions at any ATM, and be sure not to be distracted by strangers.
- Be mindful when entering your PIN in the presence of others near the ATM.
- If your card is withheld by the ATM, report it immediately to our 24-Hour CitiPhone Banking.
- Do not respond to any mobile phone text messages or emails requesting for personal information, especially your PIN and passwords to your banking account. This is because banks will never request for such information in this way. If you do receive such call or text message, take down the caller's details and call the bank directly to verify their identity with the bank's customer service centre.
- Minimize your loss if you do fall victim
- If your ATM card has been lost, stolen or otherwise compromised, immediately call the bank to cancel the card and get another with a new PIN. If you have reason to believe that an identity thief has tampered with your bank accounts, cheques or ATM card, close the account immediately.
- Check your bank statements regularly even after you have reported your ATM card missing. If you find any suspicious charges, notify the bank immediately.
Types of ATM Fraud:
ATM Card skimming
Instance where a skimming device is used to copy an ATM card's security information on its magnetic stripe in order to reproduce the customer's information on a counterfeit card.
ATM Card jamming
Instance where an ATM's card reader is tampered with the intention to trap a customer's card. The criminal removes the card once the customer has walked away from the ATM Machine.
ATM Card swapping
Instance where a customer's card is swapped with another card without their knowledge during an ATM transaction.
Shoulder surfing
Instance where an individual stands next to someone and observe as they enter a PIN number at an ATM machine.
Compromise of ATM PIN number
Instance where either the customer's ATM PIN is obtained via observation ie "shoulder surfing" or the ATM PIN is illegally recorded by a hidden camera.
Telephone Tapping
Telephone tapping is the unauthorized monitoring of telephone and Internet conversations and/or key tone by a third party. Phone Tapping is possible on a public switched telephone network and can be difficult to detect. To minimize the risk, consider disabling your mobile phone's Bluetooth connection to prevent any unauthorized access to signal sent from and to your phone.
Supported Browsers
You are recommended to use supported and updated browsers to ensure that your internet banking is secure.
Web Browsers / OS: |
Windows |
Mac OSX |
iOS |
Android |
8.1 |
8 |
7 |
Vista |
XP |
10.10 |
10.9 |
10.8 |
7.1.2 |
7 |
4.1.2 |
Internet Explorer 11 |
X |
|
X |
|
|
|
|
|
|
|
|
Internet Explorer 10 |
|
X |
X |
|
|
|
|
|
|
|
|
Internet Explorer 9 |
|
|
X |
X |
|
|
|
|
|
|
|
Internet Explorer 8 |
|
|
X |
X |
X |
|
|
|
|
|
|
Chrome 35 |
X |
|
|
X |
X |
|
X |
|
|
|
X |
Chrome 32 |
|
X |
X |
X |
X |
|
|
X |
|
|
|
Chrome 31 |
|
X |
X |
X |
X |
|
|
X |
|
|
|
Firefox 33 |
X |
|
X |
|
|
|
|
|
|
|
|
Firefox 30 |
X |
|
|
|
X |
|
X |
|
|
|
|
Firefox 28 |
|
|
|
|
|
|
|
X |
|
|
|
Firefox 26 |
|
X |
X |
X |
X |
|
|
|
|
|
|
Firefox 25 |
|
X |
X |
X |
X |
|
|
|
|
|
|
Safari 8.0 |
|
|
|
|
|
X |
|
|
|
|
|
Safari 7.0 |
|
|
|
|
|
|
|
X |
|
|
|
Opera 12 |
|
|
X |
|
X |
|
|
|
|
|
|
Opera 10 |
|
X |
X |
X |
X |
|
|
|
|
|
|
Tablet Local Browser |
|
|
|
X |
|
|
|
|
X |
X |
X (Samsung Galaxy Note 10.1) |
X (Kindle Fire HD) |
You can download a new browser from:
NOTE: We do not recommend that you download beta versions, since they are experimental and may undergo significant changes before they're released. Please only download the above recommended versions.
If you are not ready to upgrade your browser, or you do not use one of these operating systems, you can still visit our site. However, should the browser be rejected, you will need to upgrade your browser from the recommended links above and they can be usually downloaded for free from the company's web site stated above.
How can I tell which browser version I am using?
For Windows Users:
- Microsoft® Internet Explorer™ - Menu > Help > About Internet Explorer
- Mozilla Firefox - Menu > Help > About Mozilla Firefox
- Google Chrome - Wrench icon, top right corner > About Google Chrome
For Mac Users:
- Safari - Safari > About Safari
Mobile Malware
New variants of mobile malware targeting Android smartphones continue to appear in the Asia-Pacific region. These malicious apps often target mobile banking apps, and may attempt to steal customer credentials and perform fraudulent transactions.
In some cases, the mobile malware will attempt to circumvent the additional layer of security provided by One Time PINs (OTPs) by intercepting text messages (SMSs) or generating a fake dialogue inside the mobile banking app in order to trick a user.
Citi recommends customers remain alert for malware threats and review our Online Security Tips. Specifically, Citi suggests that all mobile users consider:
- Only installing applications from trusted and official sources
- Installing a reputable mobile antivirus application
- Keeping mobile device software up-to-date
- Being aware of the heightened risks associated with 'rooted' or 'jailbroken' devices
- Not following any links or instructions provided from unknown or suspicious sources.
Customers who notice unusual behavior in their online banking session should immediately terminate the online banking session and contact Citi’s 24-hour Citiphone on (65) 6224 5757.
Security Alert: TINBA Malware
A new variant of the TINBA malware is targeting banks in Singapore. This malware, when installed on the victim’s PC, steals online banking credentials via fake messages and fake web pages that ask for personal information.
Citi recommends customers remain alert for malware threats and consider the following tips:
- Malware often arrives on your PC in an email attachment. You should never open an attachment from someone you don’t know or if an email looks suspicious.
- Malicious websites can install malware on your PC when you visit them. Never open links to webpages that you don’t recognize or that are sent from people you don’t know.
- Install anti-virus software and make sure it is kept up to date. Anti-virus software should be configured to check for updates at least once per day.
- Keep your PC operating system up to date.
Customers who notice unusual behavior in their online banking session should immediately terminate the online banking session and contact Citi’s 24-hour Citiphone on (65) 6224 5757.
Security alert: DYRE malware
Variants of the DYRE malware continue to target online banking customers worldwide.
DYRE, also known as Dryeza, is a malicious program used by cybercriminals to steal online banking credentials and perform fraudulent transactions. Dyre is usually spread by phishing emails containing attachments or hyperlinks that, once opened, can exploit your computer’s existing security flaws to install the malware. Once installed, DYRE can redirect websites through servers operated by criminals, allowing them to capture and alter data in real time.
Signs of a DYRE infection include:
- Repeated requests for User ID, Password and/or One-Time PIN (OTP)
- Changes in the appearance or procedures of online banking
- Delays and persistent "loading" screens.
Citi recommends customers remain alert for malware threats and review our Online Security Tips.
Customers who notice unusual behavior in their online banking session should immediately terminate the online banking session and contact Citi’s 24-hour Citiphone on (65) 6224 5757.
Security alert: POODLE
A security vulnerability known as "POODLE" (Padding Oracle On Downgraded Legacy Encryption) has been discovered on the SSL3 (Secure Sockets Layer v3) used by old versions of web browsers such as Internet Explorer 6 on Microsoft XP.
SSL is used to establish an encrypted link between a website and a web browser (such as Internet Explorer) to keep the customer's credentials and transactions secure.
In view of this vulnerability, we will not be supporting older versions of web browsers as of 11th January 2015.
We recommend customers to refer to the Supported Browsers and Roles and Responsibility for steps to ensure a safe and secure online banking experience.
As an internet banking user, you have a role to play to ensure that you are protected while banking online. Here are some of the ways you could take to safeguard yourself:
Your Role and Responsibility
In September 2018, the Monetary Authority of Singapore (“MAS”) issued the e-Payment User Protection Guidelines (the “Guidelines”), which essentially set out the expectations of MAS of any responsible financial institution that issues or operates a protected account. It also covers duties of account holders and account users of protected accounts and provide guidance on the liability for losses arising from unauthorised and erroneous transactions. The Guidelines are effective 30 June 2019 and last updated on 5 September 2020.
The Guidelines define:
-
(1) a "payment account" as:
- (a) any account, or any device or facility (whether in physical or electronic form), that —
- (i) is held in the name, or associated with the unique identifier, of any person, and is used by that person for the initiation of a payment order or the execution of a payment transaction, or both; or
- (ii) is held in the names, or associated with the unique identifiers, of 2 or more persons, and is used by any of those persons for the initiation of a payment order or the execution of a payment transaction, or both; and
- (b) an account which includes a bank account, debit card, credit card or charge card.
-
(2) a “payment transaction” as the placing, transfer or withdrawal of money, whether for the purpose of paying for goods or services or for any other purpose, and regardless of whether the intended recipient of the money is entitled to the money, where the placing, transfer or withdrawal of money is initiated through electronic means and where the money is received through electronic means;
- (a) the placing, transferring or withdrawing of money for the purposes of making payment for goods or services; and
- (b) the placing, transferring or withdrawing of money for any other purpose.
-
(3) a “protected account” as any payment account that:
- (a) is held in the name of one or more persons, all of whom are either individuals or sole proprietors;
- (b) is capable of having a balance of more than S$500 (or equivalent amount expressed in any other currency) at any one time, or is a credit facility;
- (c) is capable of being used for electronic payment transactions; and
- (d) where issued by a relevant payment service provider is a payment account that stores specified e-money.
- (4) an "unauthorised transaction" (in relation to any protected account) as any payment transaction initiated by any person without the actual or imputed knowledge and implied or express consent of an account user of the protected account.
In accordance with the Guidelines, Citibank would like to inform customers and account users of protected accounts about (a) their duties set out in section 3 of the Guidelines, and (b) Citibank’s duties set out in section 4 (excluding paragraph 4.3) of the Guidelines. You should note that except for paragraph 4.4 (which relates to the sending of transaction notifications i.e. Citi Alerts), section 4 of the Guidelines do not apply to Citibank in respect of any credit card, charge card or and debit card issued by Citibank. Please carefully review the Guidelines.
We would like to draw your attention to para 3.3 of the Guidelines which provides that it is the customer/account user’s responsibility to enable transaction notifications (i.e. Citi Alerts) on any device (used to receive transaction notifications from Citibank). Customers/Account users are required to opt to receive transaction notifications for all outgoing transactions of (any amount) made from your protected account, and to monitor the transaction notifications sent to you or the designated account contact. (For this reason, Citibank will assume that you will monitor such transaction notifications without further reminders or repeat notifications.)
If you had previously chosen your threshold for receiving such alerts, the existing threshold will continue to apply. Otherwise, the default threshold set by the Bank will apply. If you wish to select threshold amounts for outgoing transaction alerts, simply login to Citibank Online with your User ID and Password and select 'Manage Alerts' found on the right menu under ‘Useful Links’. You will be able to amend your alerts preferences as well as your preferred mode of notification.
Please ensure that your contact information maintained with Citibank is accurate.
Some of your other duties are to protect the Unlock Code you use to authenticate any payment transaction or your identity (e.g. your password or OTP) and to protect access to your protected account such as by ensuring you have strong passwords and keeping your software updated.
An account user would be responsible for actual loss arising from an unauthorised transaction if such account user’s recklessness was the primary cause of loss. Recklessness would include the situation where the account user deliberately did not comply with the duties set out in section 3 of the Guidelines, which includes the duty to enable transaction alerts. It is therefore important to understand that the preferences you set for transaction alerts (including how low or high your selected threshold amount is, and the types of transactions for which you elect to receive notifications) would affect how the liability framework in section 5 of the Guidelines would be applied and how any claim by you in relation to an unauthorised transaction would be resolved.
You are also required to report any unauthorized transactions as soon as possible after receiving a transaction alert and to provide information on such unauthorized transactions to Citibank within a reasonable time.
Liability Framework for Unauthorised Transactions under the Guidelines
The Guidelines set out in section 5, a liability framework relating to unauthorized transactions effected on a protected account. For the avoidance of doubt, the section 5 liability framework does not apply in respect of any Citibank credit card, charge card or debit card (this issue being addressed in the relevant cardholder agreements). Further, Customers should note that the Guidelines provide that “where any account user knew of and consent to a transaction (“authorised transaction”), such a transaction is not an unauthorised transaction, notwithstanding that the account holder may not have consent to the transaction.
The information set out below has been distilled from section 5. However, Customers are advised to read the Guidelines.
Scenario (1): Customer is liable for actual loss
The customer will be liable for the actual loss arising from an unauthorized transaction on a protected account if the customer/account user’s recklessness was the primary cause of the loss. Recklessness would include the situation where any account user deliberately did not comply with section 3 of the Guidelines.
Scenario (2): Account holder is not liable for any loss
The customer is not liable for any loss arising from an unauthorized transaction if the loss arises from any action or omission by Citibank and does not arise from any failure by any account user to comply with any duty in section 3 of the Guidelines.
Any action or omission by Citibank includes the following:
- (a) fraud or negligence by Citibank, its employee, its agent or any outsourcing service provider contracted by Citibank to provide Citibank's services through the protected account;
- (b) non-compliance by Citibank or its employee with any requirement imposed by MAS on Citibank in respect of its provision of any financial service; and
- (c) non-compliance by Citibank with any duty set out in section 4 of the Guidelines.
Scenario (3): Loss resulting from any action or omission of any independent third party
The customer is not liable for any loss arising from an unauthorized transaction that does not exceed S$1,000, if the loss arises from any action or omission by any third party not referred to in scenario (2) above, and does not arise from any failure by any account user to comply with any duty in section 3 of the Guidelines.
Note:
**Under the Citibank cardmember agreements, a cardmember’s liability for all unauthorized transactions on his/her Citibank credit card which are effected prior to such cardmember notifying Citibank shall be limited to S$100 provided that certain conditions are complied with, including inter alia, the following:- (a) the cardmember has exercised due care in preventing his/her card from being stolen and has immediately notified Citibank; (b) the cardmember assists in the investigations and recovery; and (c) Citibank is satisfied that such unauthorized card transactions are not due to the cardmember’s negligence or fraud.
Always make sure that you have entered your User ID and Password and other confidential information in the legitimate Citibank Website by entering Citibank's Website address https://www.ipb.citibank.com.sg directly onto your Web browser.
To ensure you are on a secure website,
-
Check the beginning of the Web address in your browser's address field - it will be "https://" rather than "http://". Secure websites will also contain a padlock icon on the status bar at the top of the browser. Double-click to view details of the security certificate, which is issued to Citibank.
-
To verify that the website is authentic, check for the following details:
-
All data sent to and from Citibank is "scrambled" and "reassembled" between Citibank and your personal computer using 128-bit encryption, the highest level of encryption commercially available.
Right-click on the page > Select Properties
URL: https://www.ipb.citibank.com.sg/SGIPB/JSO/signon/DisplayUsernameSignon.do?locale=en_SG
Connection: TLS 1.0, RC4 with 128 bit encryption (High); RSA with 2048 bit exchange
Do not save your online banking login details on the browsers by clearing your browser's cache and history after each session. Click here for steps to clear browsers' cache. Always remember to log out when you have completed your internet banking session.
Always update the bank whenever you have changed your contact details so that you can be contacted in a timely manner should we detect any unusual transactions.
Ensure that your computer has the latest anti-virus software as they help to guard against new viruses. Your computer's operating system and browser software should be updated with the latest security patches. All these will help prevent unauthorized access to your computer.
Keep your User ID and Password confidential
Internet banking users should never disclosed their User ID and Password and they should also ensure that no one is watching you while you enter your User ID and Password or any confidential information. Memorize your User ID and Password and do not record it anywhere. Under no circumstances should you reveal your User ID and Password to anyone even if they purport to be a staff of Citibank.
Do not use a shared computer or device that cannot be trusted for internet banking such as the computer at an Internet café. These devices may be installed with certain software that could capture your personal information prior to your approval.
Your Online Security Device (OSD) should be kept with you at all times and not be used or tampered with by anyone. The One-time PIN(OTP) generated with OSD or via an SMS should also not be compromised to anyone else.
Beware of Online Threats
Online threats are very common nowadays and it tricks you into surrendering your confidential information. It is important to know its mechanisms and take preventive measures to safeguard yourself. Here are some of the examples of online threats:
1.Fraudulent emails - It is a forged email that alludes you to provide sensitive confidential information either by requesting you to reply to the email or it includes links to a 'fake' website that attempts to retrieve your personal data by requesting you to login to the 'fake' website.
Preventive Methods:
- Do not disclose your personal, financial or credit card information to unknown or suspicious websites.
- Do not open email attachments from strangers and unknown sources or by installing software or run programs from unknown origins.
- Remember, under no circumstances will Citibank ever send you an email requesting for your confidential information. You should not respond to the email or reveal your User ID and Password to anyone.
2.Spyware - It is a software inserted onto your computer that collects information about you and your internet traffic. It is usually get stored onto your computer unknowingly when you download software, games, screensavers, etc from unknown Websites and it claims to improve your computer's performance. It can be used maliciously to gain access to your confidential personal data such as your Passwords, PINs and Internet browsing history.
Preventive Methods:
- If you have installed any software that claims to speed up your internet connection, or have additional third-party toolbars on your browsers, then you may be using software that has the ability to track your internet sessions. We recommend that you uninstall this software.
- Refrain from logging onto Citibank Online until the problem has been resolved.
Email Fraud
Every Internet user should know about spoofing (a.k.a. phishing or hoax) emails and letters that appear to be from a well-known company. Although they can be difficult to spot, the emails or letters generally will request you to access a link that leads you to a spoof Website or to call a phone number to get you to update and confirm your confidential information. To bait you, they may allude to an urgent or threatening condition concerning your account.
You should always remember that under no circumstances will Citibank ever send you an email or letter asking for your account specific confidential information. You should never respond to such emails, letters and reveal your User ID, Password or any other confidential information to anyone. Keep your User ID and Password private and do not share this with anyone, particularly on written correspondence such as email or letters.
Do not give your account number away over the phone unless you know the recipient or if you've initiated the call.
Credit and Debit Card Advisory
You may have read or heard about a security breach at CardSystems Solutions, Inc., a third-party processor of payments for credit and debit card transactions, including Visa and MasterCard.
When we become aware of a breach, we take appropriate steps, above and beyond our normal prevention and detection actions, on any of your accounts that may have been impacted. Our detection actions include the use of Citi's sophisticated Fraud Early Warning System to monitor accounts, and our prevention actions include notifying you who we think may be at risk due to suspicious activity.
There is a low risk of identity theft in this situation since the data compromised, as we understand it, included only name, account number, card verification codes and expiration date. You as cardholders will not be held liable for these proven unauthorized transactions.
Citibank suggests you to monitor their monthly statements to ensure all activities are authorized on their account, and if they notice something suspicious please contact us at our 24-hour CitiPhone Banking on the back of their card immediately. Protecting our customers' accounts and personal information is one of our highest priorities.
We're constantly updating and improving our wide variety of security measures, providing you the confidence you need when using Citi Mobile or Citibank Online.
Web Security
2-way SMS Notification
-
Our 2-Way SMS service alerts you of any suspicious transactions on your account. It is important that you respond to us immediately:
- You should reply to the SMS with "1" if the transaction is authorised by you or "2" if the transaction is not authorised by you.
-
Please note
- You will receive the SMS from the number 72484 ("Short Code") if your registered mobile is a Singapore number and
+65 9657 2484 ("Long Code") if your registered number is not a Singapore number*.
- We will not ask for any additional information to be provided other than "1" or "2".
- If you are overseas or holding onto an overseas mobile number, please send your reply to +65 9657 2484.
- Please contact the Fraud Hotline +6563375519 if you have any issues.
- You can stay on top of your account activities with customised Citi Alerts, where you can get SMS or email notifications whenever there is a specific transaction on your account. Learn More
Citi Mobile® Token
Misplaced your card? Lock your card on the Citi Mobile® App
- If you’ve misplaced your card, you can temporarily lock your card at Citi Mobile® App so that no one else can use it. You can unlock your card just as easily when you need to.
- While your card is locked, you will not be able to use it for point-of-sale transactions. However, any recurring payment instructions that you may have established on your card will not be affected.
- To terminate your card and request for a replacement if your card is lost or stolen, please call our Citiphone hotline.
One-Time PIN (OTP)
Whether you login from home, office or elsewhere, the One-Time PIN (OTP) when used with your User ID and Password, provides additional protection against unauthorized access of your online account information and from various forms of online fraud.
Time-Out Session with No Activity
To help protect you against unauthorized access, your Citibank Online session will be terminated after a period of inactivity and you will be asked to login again with your User ID and Password.
Strict Protection of Customer Information
Citibank has strict standards on security and confidentiality to safeguard our customers' personal information. Regular audits are conducted internally to uphold these standards. Our security features also ensures that Citibank will never compromise our customers' personal information including Password and PIN to others.
If you suspect there are unauthorised transactions on your account or you wish to report suspicious emails, SMS messages or phishing websites:
Step 1
Call
- CitiPhone banking: (65) 6224-5757
- Commercial Bank hotline: (65) 6238-8833
Email: spoof@citicorp.com.
Step 2
Change your Citibank Online User ID, Password and ATM PIN immediately.
If you suspect that there has been any unauthorized breach of your accounts online, or that an online transaction has taken place that you did not initiate, it is important for you to inform us firsthand. Not only that, immediately notify the bank should you encounter any issues, difficulties or irregularities.
- Security incidents will be escalated to our technical support staff for evaluation. If any breach of security appears to have occurred, the bank will investigate it further
- Citibank will provide you an interim update of our investigations and the status of your case. Final resolution of any incident, though, will depend on the nature and complexity of the incident, as well as the details surrounding the case
- While we investigate, our officers may ask you to provide more details surrounding the incident to allow us to resolve your case as quickly and as efficiently as possible.
It is strongly advised that you check their accounts on a regular basis and monitor your monthly statements to ensure they are authorized activities on their account, and if they notice something suspicious to contact the customer service number on the back of their card immediately.
You are always encouraged to login to Internet banking from your browser by typing www.ipb.citibank.com.sg into the address bar or add Citibank to your list of favourites. Do not follow links from an email, letters, etc.
Protecting our customers' accounts and personal information is one of our highest priorities. You can call contact our 24-Hour CitiPhone Banking at (65) 6224 5757 to report any irregularities.
It is important that you do your part to ensure banking online is done in a safe and secure manner. Citibank shall neither be liable for acting upon instructions nor obliged to investigate the authenticity or authority of persons effecting your instructions or verify the accuracy and completeness of your instructions. Such instructions shall be deemed irrevocable and binding on you upon receipt by Citibank notwithstanding any error, fraud, forgery, lack of clarity or misunderstanding in respect of the terms of such instructions.