
Online Banking Safety Tips

While the internet and the digital technologies have made our lives much easier, they may also pose some threats. As your bank, we want to raise your security awareness and share some recommended measures that will help you protect yourself and your money while banking.

  • Be careful during pre-holiday shopping

    The pre-holiday shopping period is approaching. Remember that scammers will also be active in this hot time, counting on your haste and inattention. Before making a purchase online, look for opinions and information about the Service Provider. Treat with caution any attractive offers and promotions and items at disproportionately low prices. Under no circumstances should you install dangerous applications at the seller's request, e.g. applications enabling remote access to your device. Do not share your card details or other information about your financial products.
    Do not click on the links provided.

  • The so-called “soldier” or “general” scam – stay vigilant

    “Soldier” and similar scams are one of the many methods used by criminals who operate through social media and online messengers as well as email.

    Please stay vigilant when providing financial support to any types of organizations, and especially individuals.

    Scammers exploit the gullibility and naivety of women as well as their dreams of great love and money. They may therefore pose as:

    • A lonely soldier away from his country,
    • An employee of the European Parliament or another international body or organization,
    • A refugee or a victim of a natural disaster or all types of persecution,
    • A representative of an unidentified charity (water wells in drought-stricken regions, schools, food, medical procedures etc.)


    Scammers modify their methods, always with the same intention in mind: to cause you to lose your money. To this end, they exploit temporary infatuation, time pressure, the element of surprise and even intimidation. If you receive a message from a stranger, this should be a red flag and a reason to be especially careful or to simply delete the message.

    Never give any data, such as your login and password or payment card numbers, to third parties, and never enter it on websites visited through a link. Your card data, such as its number, CVV2 code and expiry date, are sensitive data. Never install any software on your device that will allow scammers to manage it remotely.

  • Do you sell items on Vinted? Beware of scammers – the scam pattern is similar to attacks on OLX customers.

    Do you use the marketplace Vinted? Beware of scammers who, by pretending to be potential buyers, send links via Vinted messages or email and text messages that redirect you to fake websites. On these websites, scammers encourage you to log in to online banking or provide your payment card data. They claim this is the only way to collect payment from the buyer.
    The messages, which are confusingly similar to those coming from an original source, may in fact cause you to lose your online banking data or have your identity stolen and, in consequence, to lose your funds.
    Make sure to never enter any data, such as login and password or payment card numbers, on potentially suspicious websites visited through a link, especially when you are the person selling the product.
    Your card data, such as its number, CVV2 code and expiry date are sensitive data.
    Providing your financial information on a fake website can cost you your money.
    When selling an item, ask buyers to transfer the funds using the traditional, secure payment methods.

    For more information go to the tab on the bank's website: Security -> Warnings

  • Do you buy items on Amazon? Or do shopping on the websites of other Service Providers? Beware of scammers posing as customer service employees.

    Do you use Amazon or similar platforms? Beware of scammers posing as customer service employees of Amazon, Shopee, Lazada and others. Scammers call their victims on the phone and ask for their credit card or online banking data.
    They might also send emails confirming a purchase that was never made. In the email, they persuade their victims to click a link that will allegedly redirect them to the customer service team of Amazon. The link might redirect you to a fake website or trigger the download of malware. The messages, which are confusingly similar to those coming from an original source, may in fact cause you to lose your online banking data or have your identity stolen and, in consequence, to lose your funds.
    Make sure to never enter any data, such as login and password or payment card numbers, on potentially suspicious websites visited through a link, especially when you are the person selling the product.
    Your card data, such as its number, CVV2 code and expiry date are sensitive data.
    Remember that the employees of such platforms will never ask you to provide sensitive data such as card or login data, or ask you to install remote desktop software on your device.

    For more information go to the tab on the bank's website: Security -> Warnings

  • Do you sell on OLX? Watch out for scammers

    Do you use classifieds websites? Beware of scammers who send links via SMS or Messenger and WhatsApp leading to fake websites that look like classifieds websites. Through these websites, fraudsters encourage you to log into online banking or enter your payment card details. They say that this is the only way to receive payment from the buyer.

  • Fake news from the Ministry of Finance

    We warn you against e-mail correspondence allegedly from the Ministry of Finance informing about tax refunds. By clicking on the link, the addressee is transferred to a fake page where, in order to get a refund, he must provide all his card details. In this way, fraudsters obtain all the information necessary to carry out a transaction using the addressee's card. Do not be deceived, do not click on the attached links, do not provide any information about yourself and your banking products.

  • Warning against phone scams

    The number of incidents in which criminals impersonate a Bank employee is not decreasing. Fraudsters keep improving the method. Still invoking the security department, they may inform you, for example, about the following situations:

    • about an attempt to transfer from your account / an attempt to make a transaction with your card
    • about an attempt to take out a loan using your data
    • about an attempt to hack into your account / credit card
    • about the failure of the banking system
    • about the need to transfer products to another Bank
    • about the cooperation of security teams from various Banks
    • about an existing, undefined threat to your funds

    Remember:
    Criminals create an appearance of professionalism and credibility and are well informed, wanting to lull your vigilance. Regardless of the reason they give you, they will urge you to install an application that allows them to remotely access your device.
    To enable them to steal, you need to open the "door" for them. This is what installing dangerous applications is all about. Don't let thieves in, don't be fooled.
    Under no circumstances should you install anything or click on any attached links.
    Each time you receive such a call, do not provide any information about your finances and do not continue the conversation. Hang up and be sure to call the hotline of the Bank where you hold your products to verify whether the Bank actually attempted to contact you.
    The hotline number being displayed on an incoming call does not mean that your Bank is calling you. Only your own call to the Bank can verify this situation.

  • Please be warned against relying on unverified sources when investing your funds

    Recently, on the Internet and on social media you can come across advertisements of many investment companies and platforms, including investment brokers offering cryptocurrency or Forex trading. Before you decide to invest your savings in a given fund or broker, first find out more about it and verify such company in the register of the entities of the Polish Financial Supervision Authority or check whether such company is listed in the public warnings register. You can also read opinions of other investors about the company. Note that lack of information on the Internet is a warning sign.

    Profit that is disproportionately high against similar offers in the market or obtaining high profits from cryptocurrency or Forex trading is also a red flag. It is recommended to choose funds offered by renowned financial institutions.

    Under no circumstances should you grant remote access to your devices (computer, phone, tablet) to anyone or install any software that could give anyone remote access to your device. Do not share any confidential data such as logins, passwords or one-time authorization codes. Do not share information about your financial situation or products held.

    Fraudsters might use appropriate social engineering methods to obtain your funds under false pretenses. Stay vigilant.

  • Warning against fake WhatsApp messages

    WhatsApp users are warned about a new message hoax which could lead to accounts being hacked. If you are a WhatsApp user, you should watch out for fake messages from a family member or friend with a request to provide a verification code. This is how fraudsters take control of your WhatsApp account.

    Another WhatsApp scam has also emerged in which an account pretending to be an official communication channel of the WhatsApp technical team asks users to share their verification code. In a third scam that has also been reported, fraudsters try multiple times to log into a victim’s account in order to block it and trick the user into undergoing phone verification via a phone call.

    WhatsApp doesn't ask for any personal information, including verification codes.

  • Warning against installation of applications from unknown sources

    Please be reminded that the consultants of the Bank who contact our clients for banking purposes NEVER ask to install any application on your phone or computer.
    You should never install any applications that come from unknown sources or consent to any other form of access to your phone or computer. If you are asked by anyone to do so, it is highly likely that it is an attempt to infect your device with malware.

  • Warning against clicking on link in suspicious messages pretending to be from Citi Handlowy

    If you receive one of the two following messages, please report it immediately to us.

    Clicking the link may result in your login data for the online banking service being taken over.

    This message does not come from the Bank, it leads to a false page and is a phishing activity.



  • Carefully read the content of text messages with authorization codes sent by the Bank

    Before entering an authorization code sent to your mobile phone, please check if the code is related to the operation you are performing.

    A text message with an authorization code includes information on the type of operation performed and, where applicable, the beneficiary’s account number or the name of the added defined beneficiary.

    Examples of text messages with authorization code:

    1. Citi Handlowy: new beneficiary defined
      (Beneficiary’s name).
      If you did not order this operation, contact the Bank. +48226922484
    2. Citi Handlowy Activation Code Operation: Adding a
      beneficiary’s account number: xxxx (four last digits of the added beneficiary’s account number)
      Date/Time: 01/01/2019 01:00:01 pm Code: xxxx
      Remember not to share your code with ANYONE!
    3. Citi Handlowy Activation Code Operation: Transfer
      I pay with Citi Handlowy xxxx (four last digits of the added beneficiary’s account number)
      Date/Time: 01/01/2019 01:00:01 pm Code: xxxxxx
      Remember not to share your code with ANYONE!
    4. Citi Handlowy Activation Code Operation: Domestic transfer Account number: xxxx (four last digits of the added beneficiary’s account number)
      Date/Time: 01/01/2019 01:00:01 pm Code: xxxx
      Remember not to share your code with ANYONE!
  • Fake Facebook profiles claiming to be from Citi Handlowy

    Recently there have been profiles on Facebook that claim to be from Citi Handlowy and inform about promotions, urging potential victims to click on fake links in order to steal their banking login credentials or credit card details.



    After you click on the Submit button, you are taken to a fake site, e.g. hxxps://citibank-pl.tk/apps/auth/signin/ which steals your confidential data, e.g. online banking login credentials, credit card details, personal data or passwords.

    We monitor such profiles on an ongoing basis and, in cooperation with Facebook, remove any fake sites. The above site that had appeared recently has already been blocked.
    However, we recommend staying alert and paying attention to any aspects that may suggest a profile or a site is fake, including in particular:

    • unusual characters in the sender’s name – fraudsters use various tricks and special characters creating the fake profile’s names to distract your attention;
    • spelling mistakes and ungrammatical content;
    • other additional information not connected with the main subject of the message or with banking services – in the above case, an example of such irrelevant information is the hotel’s address under the visual.

    Additionally, you should always read carefully the address of the site to which you are directed. Before you enter any information on any website, please make sure the site to which you have been directed is the bank’s site. For more information on how to check this, please visit the following page: https://www.citibankonline.pl/en/safety.html


    If you receive a suspicious message claiming to be from Citi Handlowy, please inform us of this fact immediately. To find out how to contact us, please go to: http://www.citibank.pl/poland/homepage/english/contact.htm


  • How should I know the SMS from Citi Handlowy with the link to Citibank Online is legitimate?
    • The Bank sends some clients personalized text messages with a link to our product or service offerings.
    • When you receive such a text message, please make sure the URL in the link starts with
      • https://citi.me/ – this is a short link that will redirect you to the appropriate URL
      • the link may contain at the end 15 alphanumeric characters (individual offer number), e.g. https://citi.me/PLGotowkaZKarty#cfc?ref=9TJTbSjcASWXHWt
    • Remember that we will never ask you to provide any sensitive information such as your PESEL or phone number.

    • Did you get a text message from Citi Handlowy?
      CHECK WHETHER IT WAS SENT BY US FOLLOWING TWO SIMPLE STEPS!

      Can you see a number in the sender’s field?
      If it is not a number used by Citi Handlowy, please contact CitiPhone immediately: 22 692 2484.

      Can you see Citi or Citi Specials in the sender’s field?
      That is correct! The text message was sent by Citi Handlowy.

      In the sender’s field instead of the phone number we use only Citi or Citi Specials.
      If you see any different name in the sender’s field, please contact CitiPhone immediately: 22 692 2484.


  • How should I know the email I received from Citi Handlowy with a link to the Citibank Online transactional platform is legitimate?

    When you receive an email from Citi Handlowy with the link to the Citibank Online transactional platform, please follow the simple steps below that will help you stay safe:

    • Make sure the email with the link was sent from the following address: info@citihandlowy.pl, twojwyciag@bankhandlowy.pl, CitihandlowyKorespondencja@citi.com or addresses ending with @citi.com or @emailapps.emea.citi.com.
    • Make sure the message URL address in your browser is https://www.citibankonline.pl, https://www.online.citibank.pl or https://onlinesalesautomation.citigroup.com.
    • Please also note that we use an email service provider – SARE S.A. to help us manage the email communication with our clients. If an email is sent using our service provider, our clients get redirected from the http://citihandlowy.enewsletter.pl domain to the Citi Handlowy sites. The email communication sent via our service provider is always sent from info@citihandlowy.pl. This helps us to better respond to the needs of clients who have chosen to receive email communication from us.
    • Make sure this is the email you may expect from us and check whether there have been any phishing alerts posted on our website recently.
    • Do not open any attachment or link if you are not sure it is from a trusted source. If you have any doubts, please check with us before you click on the attachment or link.
    • If you still have some doubts, please contact us via CitiPhone (+48) 22 692 2484
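
The sender and address checks from the two items above (text-message links and emails), written out as an added example that is not code from Citi Handlowy. The allowlists are copied from this page; the function names and the `.example` lookalike inputs are constructed. It shows why the host has to match exactly rather than merely start with or contain the expected name.

```javascript
"use strict";

// Allowlists copied from the page text (compared in lower case).
const SENDER_ADDRESSES = new Set([
  "info@citihandlowy.pl",
  "twojwyciag@bankhandlowy.pl",
  "citihandlowykorespondencja@citi.com",
]);
const SENDER_DOMAINS = new Set(["citi.com", "emailapps.emea.citi.com"]);
// Address expected in the browser after following an email link. The
// citihandlowy.enewsletter.pl redirect is only an intermediate hop.
const WEB_HOSTS = new Set([
  "www.citibankonline.pl",
  "www.online.citibank.pl",
  "onlinesalesautomation.citigroup.com",
]);
const SMS_HOSTS = new Set(["citi.me"]);

// Pull the address out of a From value such as: Display Name <user@host>.
// The display name is free text chosen by the sender, so it is ignored.
function extractAddress(from) {
  const m = /<([^<>]*)>\s*$/.exec(from);
  return (m ? m[1] : from).trim().toLowerCase();
}

// Hypothetical helper: does the From address match the page's list?
// A match is necessary, not sufficient: a From header can be forged.
function checkSender(from) {
  const addr = extractAddress(from);
  const at = addr.lastIndexOf("@");
  if (at <= 0 || at === addr.length - 1 || /\s/.test(addr)) {
    return { ok: false, reason: "malformed address" };
  }
  if (SENDER_ADDRESSES.has(addr)) return { ok: true, reason: "listed address" };
  // Compare the whole domain; "ends with citi.com" would accept notciti.com.
  if (SENDER_DOMAINS.has(addr.slice(at + 1))) {
    return { ok: true, reason: "listed domain" };
  }
  return { ok: false, reason: "sender not listed" };
}

// Hypothetical helper: is this link's host one the page names for the channel?
// channel is "sms" for text-message links, anything else for email links.
function checkLink(raw, channel) {
  const allowed = channel === "sms" ? SMS_HOSTS : WEB_HOSTS;
  let url;
  try {
    // Accept the defanged "hxxp(s)://" form used in warnings.
    url = new URL(raw.trim().replace(/^hxxp/i, "http"));
  } catch {
    return { ok: false, reason: "not a URL" };
  }
  if (url.protocol !== "https:") return { ok: false, reason: "not https" };
  // "https://bank@other.example/" goes to other.example, not to bank.
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo before host" };
  }
  const host = url.hostname.replace(/\.$/, ""); // tolerate a trailing dot
  if (!allowed.has(host)) {
    return { ok: false, reason: "host not listed: " + host };
  }
  return { ok: true, reason: "listed host" };
}

// Constructed samples, except the citi.me link and the defanged address,
// which are quoted from this page.
const samples = [
  ["sms", "https://citi.me/PLGotowkaZKarty#cfc?ref=9TJTbSjcASWXHWt"],
  ["sms", "https://citi.me.offers.example/PLGotowkaZKarty"],
  ["email", "https://www.citibankonline.pl@login.example/"],
  ["email", "http://www.citibankonline.pl/"],
  ["email", "hxxps://citibank-pl.tk/apps/auth/signin/"],
];
for (const [channel, link] of samples) {
  const r = checkLink(link, channel);
  console.log((r.ok ? "PASS " : "FAIL ") + link + " (" + r.reason + ")");
}
```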
  • Warning against malware preinstalled on selected Android smartphones

    Recently, malware installed during the production phase has been identified on 4 smartphone models. Removing the malware is possible only by means of special software provided by the manufacturers.

    The identified phone models are: Doogee BL700, M-Horse Pure 1, Keecoo P11 and VKworld Mix Plus. For Keecoo P11 there is an updated version available that can remove the malware. Other manufacturers have not issued any software that would remove the virus. In the past, there were some similar cases of preinstalled malware on Android smartphones, such as the Android.Triada.231 Trojan identified in 2018 on 40 smartphones.

    The malware installed on the phone during the production stage may steal data such as IMEI number, information about location, operator or MAC address. Then, the data are sent to a server and the malware can download and install applications, remove applications or open any URLs in a browser.

    We recommend avoiding the above-mentioned phone models.

  • Fake web addresses

    Be vigilant when making online payments. Always carefully check the addresses of websites used to execute transactions. Fraudsters often use the names of and pose as known service providers by creating misleadingly similar websites or placing a so-called overlay on the legitimate website. Thus, they obtain all the data necessary to withdraw your funds from your account or credit card.

    For example, the following addresses are seemingly the same:

    • firma.firmax.com
    • firma.firmax_.com

    However, they may lead to two different websites. Sometimes, the difference in the web address is almost unnoticeable, especially on mobile devices (e.g. a comma instead of a dot, any underscores).

    You should be especially alert to the following elements:

    • An open padlock in the website address (if possible, check the certificate)
    • Low product price
    • An offer that is more attractive than at other service providers
    • Visual appearance and layout of the website

    If anything raises your suspicions, please contact us immediately at (+48 22) 692 2484.

  • Online payments with payment card data

    When registering and entering your payment card data in Google Play or another store, please read carefully the terms and conditions of the service provider. Such registration often entails acceptance of any payments made on the user’s account to which the card has been linked (including those made by minors). Moreover, authorization is only necessary for the first transaction, while all the subsequent ones are executed without the security measure, such as an authorization code received on the phone. Let us remind you that Google Play and other accounts enable access and purchase of games and applications. The payment card linked to a Google Play account also makes it possible to make in-game or in-app purchases.

  • Warning against most popular fraud scenarios

    Once again, we’d like to warn you against the most popular fraud scenarios that use social engineering and to remind you to exercise special care. Despite whistle-blowing campaigns about this type of crime carried out by various institutions of public trust, extortion still remains one of the most frequent methods applied by fraudsters:

    • “a grandparent scam”, where a fraudster calls a person, claiming to be his or her friend or relative, asking for financial help in connection with an emergency situation of a friend or relative and urgent need of cash;
    • “a police officer scam”, where a calling person poses as an officer and informs the interlocutor that most probably he or she will become a victim of a criminal group. As a result, the criminal induces the victim to co-operate, asking him or her to provide some funds as bait for the purposes of the conducted action. Fraudsters often suggest that a bank or its employees are involved in the alleged criminal group.

    More often than not, criminals induce their victims to withdraw funds from the bank, to withdraw a deposit, take a loan etc.

    Fraudsters instruct their victims not to contact their family or other persons and require immediate action. In their actions, they usually use emotions of the victim, intimidating them or creating a tense atmosphere.

    Stay alert.

  • Warning against scanning QR codes placed on ATMs

    Recently, scammers have started to place fake QR codes on some ATMs. The codes are placed illegally without the consent of banks and ATM service providers, and are not connected in any way with banking services.

    Fraudsters stick on the fake codes to bait potential victims and make them scan the codes using their smartphones. Scanning the code triggers an SMS PREMIUM service, for which a large fee is charged. Additionally, fake QR codes lead to malicious websites that trick the victims into installing malicious software. During the installation, customers are required to key in confidential data such as logins or passwords.

    Therefore, you should be extra attentive while scanning QR codes and avoid scanning a code in public places.

    What to do if you have fallen victim to the fraudsters?

    You should immediately notify your bank and police of the suspected crime.


  • Fake SMS messages from Electronic Platform of Public Administration Services

    Recently, you may receive SMS messages that claim to be from the Electronic Platform of Public Administration Services. In the SMS, you are informed that your cash loan application has been accepted and the loan will be disbursed within 60 minutes. You are told you may cancel your request by clicking on a link, which takes you to a fake site. As a consequence, fraudsters may execute transfers from your account via online banking.

    If you receive this kind of message, please do not click on any links and notify your bank immediately.


  • Fake SMS messages from courier company

    Recently, you may receive fake SMS messages that claim to be from a courier company and try to trick you into clicking on the attached link. You are informed that you need to make an additional payment for a delivery. Once you click on the attached link, you are directed to a fake site infected with malware. As a consequence, fraudsters may execute transfers from your account at the time of or after making the additional payment for the courier services.

    If you receive this kind of message, please do not click on any links and notify your bank immediately.


  • Fake emails claiming to be from Bank Handlowy

    Recently there have been some fake emails reported that are sent by zapytania.wawer@pln.com.pl, claiming to be from Bank Handlowy and asking you to open the attached link. They inform you of the completion of an order and costs of delivery, attaching fake invoices. They try to trick you into visiting a fake website in order to install malicious software on your computer.

    If you receive this kind of email, please do not click on any links or open the attached documents. We recommend reporting such emails to us and notifying the relevant investigative authorities.


  • Warning against new malicious voice recording software, QRecorder, detected in Google Play

    A new, dangerous voice recording application called “QRecorder” is now available in Google Play, targeting Android smartphone users who bank online.

    The malware planted in the QRecorder app, Spy Banker, steals online banking login credentials. It can also take over access to your text messages with one-time passwords, gaining access to your funds.

    If you installed the malware, we advise you to scan your device using antivirus software. Additionally, we recommend uninstalling the QRecorder app or restoring default settings on your device.

    If you detected the malicious app on your smartphone, please change your logon credentials and PIN using another trusted device.


  • Intensified attacks on users of electronic banking in Poland

    Recently, Internet users in Poland may have received emails with links to websites claiming to be of various institutions (e.g. companies selling electronics and home appliances, utility providers, postal service providers).

    These messages and websites contain malicious software or links to such software. The user is asked to click on the link attached to the message to check the status of the shipment or invoice. After clicking, the user is taken to a website that infects his or her computer with a virus. The users may also receive links to fake websites where a false company account number is provided.


    To verify whether the email that we have received is phishing, you should check the following:

    • Do you expect such correspondence? Has the company that contacted you published a warning about false correspondence on its website?
    • Sender address (in the case of phishing, after expanding it shows a different domain or country than the domain of the real company that the criminals pass themselves off as).
    • Grammar and logic errors in the message (e.g. date instead of address).

    If you receive this type of message, do not click on the attached links or open the attached documents. If you expect this type of e-mail message (e.g. you have a contract with the energy supplier), we suggest that you find the proper website instead of using links sent in e-mails. The Bank also recommends comparing account numbers on the received invoices (electronic and paper) to avoid transferring money to a fraudulent account.


  • New, not recommended payment method

    The new payment method is a kind of immediate payment. It is used by a growing number of Polish service providers (e.g. travel agents) as this form of payment allows them to obtain the money from their clients quickly.

    The payment is similar to online payment methods, with the name of your bank being displayed (without its trademark). If you want to use this method, you are asked to provide your online banking username and password. If your bank sends you SMS messages with a one-time password, you are asked to enter the password on the website where you are making the payment. The username and password are sent to the agent, who logs in to your account and transfers the amount to the service provider.


    Although the service providers give assurances that this method is safe, the method is not recommended by the bank, as it entails disclosing your sensitive data to a third party, i.e. the agent. The data could be used in the future for unauthorized access to your account.


    When using this form of payment, you are asked to:

    • enter the name of your bank along with your account credentials;
    • provide your username and password as well as provide your one-time password sent to you by the bank (if applicable).

    Additionally, the third party often reserves the right to check your account balance and history.


    Risks involved:

    • violation of the banking account agreement and terms and conditions due to the provision of your confidential data to a third party;
    • loss of the right to make a complaint in the event of an unauthorized transaction;
    • risk of a third party using your login credentials to access your account.

    We do not recommend using this form of payment. For security reasons, we recommend choosing other forms of payment. Service providers which use the new payment method must also offer their users other payment alternatives.


  • Intensified attacks on users of auction websites

    Recently, intensified attacks on auction website users have been reported. The users are sent e-mails or SMS messages from senders claiming to be potential buyers. In the message, they inform the seller that they transferred cash for the product. Usually, the transfer is made by a foreign bank. A fake confirmation that the payment is blocked until the product is sent is usually attached to the email. The aim of the attack is to obtain the product without payment.

    These messages can also contain malicious software or links to such software. After you click on the link, the software infects your computer with a virus.


    When receiving an email from a potential buyer, you should pay attention to the following elements:

    • Delivery address (usually criminals use foreign address, it may be Nigeria, Hungary)
    • Sender e-mail address,
    • Telephone number given in message (area code),
    • Grammar and linguistic errors in the message.

    If you receive this type of message, do not click on the attached links or open the attached documents. You should not correspond with the potential buyer described above. If you believe you may have fallen victim to such an attack, please contact the administrator of the web portal. If you sent your product and did not get payment for it, please contact the law enforcement authorities (Police or Prosecutor).


  • Warning against fake text messages claiming to come from Biedronka and Lidl

    Please be kindly reminded that in order to take advantage of our offers prepared together with our partners, we will never ask you to provide your debit or credit card details or any other sensitive data. Those who want to sign up for an offer with us are asked to provide only their full name and phone number to be contacted by our representative.

    In view of the recent text message scams, we warn you against fake text messages that claim to be from Biedronka or Lidl and are sent in order to steal your debit or credit card details.

    The text messages contain a link to a page that informs you of winning a PLN 300 gift card. After clicking on the link in the text message, you are directed to the following site:



    Then, after clicking “OPEN THE ATTACHMENT”, you are informed that you have won the Gift Card, and are asked to click the “ACCEPT” button. Once you click on it, there is a message on the screen that in order to protect your personal details, you are asked to answer a few questions.



    Next, you are asked to acknowledge that you want to collect the gift card by entering your email address and password. Finally, there is a contact form in English displayed on the screen where you are asked to enter your debit or credit card details. If you provide the details, your card will be debited with the amount of USD 49.90 (ca. PLN 178.00) within the next 7 days.

    Contact form:



    If you have fallen victim to this attack and provided your debit or credit card details, please contact us immediately on (+48) 22 692 2484.


  • Warning against new malicious, mobile software detected in Google Play

    A new, dangerous application called “Utra Explorer” is now available in Google Play, targeting customers of 15 Polish banks. The application has been designed for Android smartphones to steal login credentials and capture SMS messages.

    Here is how the malware looks in Google Play:



    When you install the application, it asks you for access to multiple functions, including SMS messages:

    • modification and removal of your phone’s memory;
    • reading the phone’s memory;
    • receiving text messages (MMS and SMS);
    • reading text messages (SMS and MMS);
    • sending and displaying SMS messages.

    We advise you to be very careful when downloading applications even from trusted sources such as Google Play. You should always make sure that an application name and icon are original. Even a slight difference from the original name or any inaccuracy in the operation of the application should raise your suspicion. Additionally, once the application is installed, you should check which permissions it is asking you for. A request for access to your SMS messages, for downloading files from unknown sources, or for an extensive list of permissions should raise a red flag immediately. At the same time, we recommend banking online using only trusted Internet browsers or the Citi Mobile® app.


    What to do if you have already installed the application and entered the requested details?

    • immediately contact us via CitiPhone at (+48) 22 692 2484;
    • change your logon details and PIN using another trusted device;
    • uninstall the malicious apps and restore default settings on your device.

  • Warning against new malicious software detected in Google Play

    A new dangerous application targeting Polish bank customers was found hiding on the Google Play store.

    Here is how the malware looks in Google Play

    The malicious application is said to support all Polish mobile banking platforms. Its list includes 21 Polish banks. The short description of the software presented in Google Play lists all the supposed functionalities of the application after it is installed, while in fact its only function is to steal your login and credit card details.

    The application asks you for access to your SMS messages

    When you install the application, a message is displayed on the screen stating that the software requires access to your SMS messages to run properly. The application is said to be designed to store your login details for as many as 21 mobile banking platforms offered by the Polish banks. Depending on which option you choose, you are asked to enter your login details or your credit card details directly in the malware. Once you enter the credentials, they are stolen by the application, and a message appears on the screen saying that a temporary error has occurred and asking you to try again later.

    The malware after it is installed on your device

    We advise you to be very careful when downloading applications even from trusted sources such as Google Play. You should always make sure that an application name and icon are original. Even a slight difference from the original name or any inaccuracy in the operation of the application should raise your suspicion. Additionally, once the application is installed, you should check which permissions it is asking you for. A request for access to your SMS messages or for downloading files from unknown sources should raise a red flag immediately. At the same time, we recommend banking online using only trusted Internet browsers or the Citi Mobile® app.

    What to do if you have already installed the application and entered the requested details?

    • immediately contact us via CitiPhone at (+48) 22 692 2484;
    • change your logon details and PIN using another trusted device;
    • uninstall the malicious apps and restore default settings on your device.
  • Warning against malicious Google Play applications infecting Android smartphones

    Later in November 2017, two dangerous apps, "CryptoMonitor" (an app tracking cryptocurrency prices) and "StorySaver" (an Instagram extended feature), were found hiding on the Google Play store. They enabled fraudsters to obtain the login credentials of online banking users of a few Polish banks, including Citi Handlowy.

    After being downloaded, the malware scanned the device for installed banking apps. If such an app was found, it presented fake logon forms imitating the real banking app to steal user names and passwords. The malware was also equipped with extended device permissions that let fraudsters take control of SMS messages and send them without users knowing about it. This was used to steal One Time Passwords, defeat two-factor authentication and, eventually, steal money from the users’ accounts.

    Both apps were removed from the Google Play store soon after, but a few thousand Android users may have been infected by the malware while the apps were available there.


    What to do if your device gets infected?

    • Immediately change your online banking passwords using a secure device with up-to-date anti-virus software;
    • Check your account statement for any unauthorized transactions and, if you detect any, get in touch with us immediately;
    • Uninstall the malicious apps and restore default settings on your device;
    • Install good, up-to-date anti-virus software and scan your device.


    How to protect yourself for the future?

    • Make sure you have up-to-date system and application software on your device;
    • Install good anti-virus software and turn on automatic virus signature updates;
    • Be careful when you install any software on your device and pay attention to what access it requires;
    • Before you install anything, always remember to read the comments and ratings submitted by others;
    • Be very careful when an app asks for extended permissions to receive or send SMS messages or make phone calls, asks for administrator rights, or wants to take control of your keyboard.


    This case shows that fraudsters can now smuggle malicious software into trusted sources such as Google Play or Apple Store. Therefore, you should be very careful whenever installing any software on your phone that you use for online or mobile banking, and follow the highest online banking security standards (do not share your phone with anyone, be very careful when clicking on links in emails or SMSes, do not install software from unknown sources, turn on default security settings, make sure your software is up-to-date, etc.).
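    The permission checks recommended in the alerts above can be automated. The following is an added example, not code from Citi Handlowy: it assumes the app's AndroidManifest.xml has already been decoded to text, uses a constructed sample manifest, and maps the warning signs named above (SMS access, calls, administrator rights, keyboard control, installing other apps, storage) to standard Android permission names.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permission -> warning-sign category taken from the alerts above.
RISKY = {
    "android.permission.RECEIVE_SMS": "sms",
    "android.permission.RECEIVE_MMS": "sms",
    "android.permission.READ_SMS": "sms",
    "android.permission.SEND_SMS": "sms",
    "android.permission.CALL_PHONE": "calls",
    "android.permission.BIND_DEVICE_ADMIN": "device-admin",
    "android.permission.BIND_INPUT_METHOD": "keyboard",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install-other-apps",
    "android.permission.READ_EXTERNAL_STORAGE": "storage",
    "android.permission.WRITE_EXTERNAL_STORAGE": "storage",
}
# Assumption: these categories alone are enough to call the app a red flag.
HIGH_RISK = {"sms", "device-admin", "keyboard"}

# Constructed sample: a "price tracker" that has no need for SMS or admin rights.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.pricetracker">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>
"""

# Constructed sample: only network access.
BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Collect permissions requested by the app or bound to its components."""
    # The samples here are inline; parse untrusted manifests with a hardened
    # XML parser (for example the defusedxml package) instead.
    root = ET.fromstring(manifest_xml.strip())
    found = set()
    for element in root.iter():
        if element.tag.startswith("uses-permission"):
            name = element.get(ANDROID_NS + "name")
        elif element.tag in ("receiver", "service"):
            # Device-admin and keyboard components declare a BIND_* permission.
            name = element.get(ANDROID_NS + "permission")
        else:
            continue
        if name:
            found.add(name)
    return found


def triage(manifest_xml):
    """Group risky permissions by category and return a verdict."""
    categories = {}
    for permission in sorted(requested_permissions(manifest_xml)):
        category = RISKY.get(permission)
        if category:
            categories.setdefault(category, []).append(permission.rsplit(".", 1)[1])
    sms = set(categories.get("sms", []))
    high = sorted(HIGH_RISK.intersection(categories))
    if high:
        verdict = "red flag"
    elif categories:
        verdict = "review"
    else:
        verdict = "ok"
    return {
        "categories": categories,
        "high_risk": high,
        # Reading incoming SMS exposes one-time authorization codes.
        "otp_interception": bool(sms & {"RECEIVE_SMS", "READ_SMS"}),
        # Sending SMS lets the app forward messages without the user noticing.
        "silent_sms": "SEND_SMS" in sms,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for label, manifest in (("sample", SAMPLE_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label, triage(manifest))
```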

  • Warning - Scam Emails Claiming that Your Bank Account Has Been Locked

    Beware of fake emails sent by fraudsters posing as a banking institution, including Citi Handlowy. The emails claim that the client's bank account was locked due to significant changes in the account activity. The client is asked to click a link in order to confirm or review the account information. The aim is to obtain sensitive information such as personal details or logon credentials.

    We remind you that we will never inform you of your account being locked or suspended via an email or SMS. Also, we will never ask you to click any link in order to have your bank account unlocked.

    If you ever receive a suspicious email claiming to be from Citi Handlowy, we recommend carefully checking the URL address of the attached link by moving the cursor over the link without clicking it. We also advise you to check the email for any grammatical or logical errors (e.g. use of an incorrect name of our bank, other than Citi Handlowy). If you still have doubts or have a security concern, please contact us at (+48 22) 692 2484.

    To learn more about our email communication with clients, please visit our Safe Banking section, where we explain, among other things, how to make sure that an email received from Citi Handlowy with a link to the Citibank Online transactional platform is legitimate.

    If you think you may have provided confidential information in response to such fake email, you are asked to immediately contact CitiPhone at (+48 22) 362 2484 or (+48 22) 692 2484.

  • Check if the operating system on your device is up-to-date

    For enhanced safety, from August 11th, 2017 access to Citibank Online will no longer be possible from devices that use the following combinations of browsers and operating systems. Additionally, from August 18th, 2017 it will no longer be possible to access Citi Mobile from devices running on Android versions below 4.4.

    Service: Citibank Online
    Since when: August 11th
    Browser / Operating System:
    • Baidu Jan 2015
    • IE 10 / Win Phone 8.0
    • IE 7 / Vista
    • IE 8 / XP
    • IE 8-10 / Win 7
    • Safari 5.1.9 / OS X 10.6.8
    • Safari 6.0.4 / OS X 10.8.4

    To find out which version of the operating system you have on your smartphone or tablet, please go to the device Settings -> About phone/tablet. To determine what version of the operating system you have installed on your computer, go to My Computer -> Properties.

    If you have one of the above operating system versions on your device, please update your system to the latest version. Remember to use only trusted sources for your updates.

  • Beware of fake "locked out of your account" emails

    Recently there have been many phishing incidents reported targeting online banking users. The incidents aim to obtain sensitive information such as your bank account usernames, passwords or your card credentials. Criminals are sending scam emails claiming that you have been locked out of your account due to, e.g., unauthorized use of your bank account. They try to trick you into clicking a link that will take you to a phishing site controlled by the fraudster, enabling them to steal security details that can be used to access the victim’s bank account online. If you ever receive such an email, please contact us immediately.

    Please remember that Citi Handlowy will never ask you for the following via an email or text message:

    • to provide sensitive information such as your logon details, one-off text message authorization codes, your card credentials, PINs or your mobile phone details (such as your phone number, brand or device model);
    • to install/update your software or security certificates on your computer/phone.

    We advise you to carefully read any text messages received from the bank and verify the text message information against the details of the transaction that you are making using online banking or mobile apps. This applies both to one-time text message authorization codes, where you should carefully verify the transaction details, and to information messages. Should you have any doubts, please contact us immediately.

    In order to provide you with the best customer experience, we sometimes send emails or SMS messages with links to our offers. In this "Security Alerts" section you can find out whether an email or SMS you received is from Citi Handlowy.

  • Warning – a new modus operandi of Trojans

    We want to warn you to expect new methods of operation of the so-called Trojan horses in the area of electronic banking. Fraudsters manipulate the information you see on the screen to create a new recipient on the payment list, to whom funds from the attacked account are later transferred.

    After the user has logged on to the transaction system, the Trojan shows the user a message that the last attempt to send a transfer failed. Next, without the account owner being aware of it, the Trojan creates a new recipient, filling in its name with the data from the last transfer (to deceive the user into believing that they are updating the last transfer), and forces the user to enter a one-time authorization code. In the next steps, the Trojan increases the daily limit for online transactions to the maximum level possible. It does so by manipulating the on-screen message, which says that the operation needs to be authorized one more time. As a result, a new recipient with a fake account number is created, to which the maximum allowed amount is transferred. All this happens with the involvement, but without the knowledge, of the user.

    Such situations have been very rare so far. Nonetheless, we remind you that: The Bank always asks you for an authorization code ONLY once. For a submitted online transaction (e.g. a transfer), you should always stay alert and carefully check if the content of a text message (and especially the account number of the recipient and the amount) is in accordance with the submitted order. If you detect any suspicious activities, please contact the Bank immediately.

  • Warning against SIM SWAP fraud (unauthorized duplication of a SIM card)

    A SIM SWAP fraud may occur when an unauthorized person obtains a duplicate SIM card and thus intercepts your phone number. With the help of this duplicate card, the fraudster may gain access to your online banking, change your access passwords, and even execute fraudulent banking transactions on your account with you being unaware of it.

    You should contact your mobile operator immediately if you stop receiving calls or texts and cannot make phone calls in places where it is in fact highly unlikely not to have signal (e.g. city center) to make sure no duplicate SIM card has been recently issued to an unauthorized person.

    Also, if there is a message on your phone that there is no signal or no service (e.g. “No service”) despite restarting the phone, you should contact us immediately via CitiPhone or Citibank Online to disable sending passwords and one-time transaction authorization codes to your phone number.

  • Links to Malicious Websites Sent in Text Messages

    A trend has recently emerged of malicious websites being distributed via SMS phishing. Mobile device users receive text messages with web addresses that imitate those of legitimate websites.

    The phishing attacks primarily target Facebook, Apple (including iCloud), Craigslist, and OfferUp.

    They are part of a tactic aimed specifically at mobile devices: if the site is delivered via an SMS link, it is not possible to check the legitimacy of the site before tapping it. Mobile-focused phishing attacks attempt to conceal the true domain they are served from by padding the subdomain with enough hyphens to push the actual source of the page outside the address bar on mobile browsers. Below is an example of such a malicious address:

    • m.facebook.com----------------validate----step1.rickytaylk.com/sign_in[dot]html

    How Can You Protect Yourself Against the Attacks?

    Pay particular attention every time you receive a text message with a link to a website. If you have any doubts, please do not tap it before you make sure the site is legitimate. Also, we want to remind you of the links to the sites that can most frequently appear in text messages sent to you by Citi Handlowy: www.online.citibank.pl, www.citibankonline.pl, www.citigold.pl.

    We protect our website with a VeriSign Secure Site certificate. Extended Validation SSL certificates trigger the browser address bar in high-security browsers to change to a green color. If you have any doubts regarding the safety of our sites, please contact Citibank Online (technical support) on (+48 22) 692 2484.
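    The hyphen-padding trick and the list of legitimate addresses above lend themselves to an automated check of a link's real hostname. The following is an added example, not code from Citi Handlowy: the padding threshold, the visible address bar width and the last-two-labels approximation of the registrable domain are assumptions, and the second sample link is constructed.

```python
from urllib.parse import urlsplit

# Hostnames the alert above lists for links sent by Citi Handlowy.
TRUSTED_HOSTS = {"www.online.citibank.pl", "www.citibankonline.pl", "www.citigold.pl"}

PADDING_RUN = 4      # assumption: this many consecutive hyphens counts as padding
VISIBLE_CHARS = 30   # assumption: characters a narrow mobile address bar shows

# The malicious address quoted in the alert above (kept in its defanged form).
PAGE_SAMPLE = "m.facebook.com----------------validate----step1.rickytaylk.com/sign_in[dot]html"
# Constructed sample: the same padding trick applied to one of the trusted names.
CONSTRUCTED_SAMPLE = "https://www.citibankonline.pl----------------login.example.net/"


def extract_host(link):
    """Return the lower-cased hostname the browser would actually connect to."""
    link = link.strip().replace("[dot]", ".")   # undo defanging used in alerts
    if "://" not in link:
        link = "https://" + link                # SMS links often omit the scheme
    return (urlsplit(link).hostname or "").rstrip(".").lower()


def registrable_domain(host):
    """Approximate the registrable domain as the last two labels.

    Simplification (assumption): production code should consult the Public
    Suffix List, because suffixes such as "com.pl" span two labels.
    """
    return ".".join(host.split(".")[-2:])


def check_link(link):
    """Classify a link as trusted, suspicious or unknown, with reasons."""
    host = extract_host(link)
    result = {"host": host, "registrable": registrable_domain(host), "findings": []}

    # Only an exact hostname match counts; a trusted name used as a prefix does not.
    if host in TRUSTED_HOSTS:
        result["verdict"] = "trusted"
        return result

    findings = result["findings"]
    padding = "-" * PADDING_RUN
    if padding in host:
        findings.append("hyphen-padding")
        decoy = host.split(padding, 1)[0]
        if "." in decoy:
            # Text before the padding is itself shaped like a hostname.
            findings.append("decoy-hostname:" + decoy)

    # The real domain sits at the end of the hostname; if everything before it
    # already fills the address bar, the user never sees it.
    if len(host) - len(result["registrable"]) >= VISIBLE_CHARS:
        findings.append("real-domain-off-screen")

    for trusted in sorted(TRUSTED_HOSTS):
        if trusted in host:
            findings.append("imitates:" + trusted)

    result["verdict"] = "suspicious" if findings else "unknown"
    return result


if __name__ == "__main__":
    for link in (PAGE_SAMPLE, CONSTRUCTED_SAMPLE, "www.citigold.pl", "https://example.org/a"):
        print(check_link(link))
```

    A verdict of "unknown" only means none of these checks fired; it is not a statement that the link is safe.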

  • Beware of phishing emails that pretend to be from government institutions

    A new wave of phishing attacks that target online banking users has been reported in Poland. Cyber criminals claiming to be from a legitimate source such as a government institution (e.g. Ministry of Finance, Ministry of Digital Affairs or Tax Authorities) may contact you via email in an attempt to get you to open an attachment that contains malware. For example, the scammers pretending to be from the Ministry of Finance send you an email with the attachment to inform you that you have not reported your income. Opening the attachment results in your computer being infected with GozNym or ISFB malware that is known for attacking online banking users.

    Scammers may try to trick you using different methods that are designed to gain your trust and make you less vigilant. They often play on your emotions such as fear to push you to act impulsively (e.g. threat of financial penalty, criminal responsibility, financial or data loss, etc.). Here are a few useful tips that you should follow to ensure that your online banking experience is safe:

    • Never fully trust that an email or text message is from whoever it says in the From field.
    • Always double-check the sender’s email address, links and other information contained in the email either on the official site of the institution the email is coming from or by calling such institution.
    • Spot phishing e-mails by looking for spelling mistakes or grammatical errors.
    • Do not open any attachments or click any links from unknown or untrusted sources.
    • Be suspicious of any email asking you to click a link that takes you to a page where you are asked to provide your personal details, usernames or credit card numbers.
    • Always verify the details contained in the text message that appears to be sent from your bank (one-time authorization codes or information on potential fraud).

    If you believe you may have fallen victim to a phishing scam, please call or visit us immediately.

  • Warning of a new wave of phishing attacks

    Please be advised that criminals have intensified attacks on users of electronic banking in Poland.

    Internet users may have recently received e-mail messages from senders posing as various institutions (e.g. companies supplying electricity or courier and postal service firms). These messages contain malicious software or links to such software. The user is asked to click on the link attached to the message to check the status of a shipment or invoice. After clicking on the link, the user is transferred to a website that infects his or her computer with a virus.

    To verify whether an e-mail message may be phishing, you must pay attention to such elements as:

    • Do you expect such correspondence? Does the company that contacted you publish a warning about false correspondence on its website?
    • Sender address (in the case of phishing, after expanding it shows a different domain or country than the domain of the real company that the criminals pose as).
    • Grammar and logic errors in the message (e.g. a date instead of an address).

    If you receive this type of message, do not click on the attached links or open the attached documents. If you expect this type of e-mail message (e.g. you have a contract with the energy supplier), we suggest that you find the proper website on your own instead of using links sent in e-mails.

    In order to provide you with the best customer experience, we sometimes send emails or SMS messages with links to our offers. In this "Security Alerts" section you can find out whether an email or SMS you received is from Citi Handlowy.

  • Beware of GozNym malware

    Please be informed that GozNym malware, which attacks the computers of electronic banking system users, has been spotted.

    How does GozNym malware work?

    Computers get infected when the user opens an attachment from an infected email. Once activated, the malware checks which banking platforms the user uses. Next, when the user attempts to log in to their electronic banking platform, they are redirected to a fake transactional service and the genuine bank's electronic banking platform is blocked.

    How to prevent malware installation?

    Do not open suspicious links and attachments sent via email.

    Do not reply to any emails in which you are asked to provide your personal data or access codes.

    Install and run anti-virus protection software that has an up-to-date malware database.

    For more information on electronic banking safety features, please visit the following tabs: Basic Security Tips and Additional Security.

  • Beware of false notifications requesting a smartphone system update.

    Please be informed that a new digital banking attack scenario has been developed by hackers in Poland.

    According to information provided by the Polish Bank Association, hackers send SMS messages stating that a smartphone system update is required and that otherwise it will not be possible to use some features of the device. The SMS sender field shows either an unknown phone number or the ANDROID tag. The message also contains a link to a fake website from which to download the update. The device gets infected with the Trojan when the user enables the option to install applications from untrusted sources and installs an application that requires access to sending and receiving SMS messages or even calling premium numbers (high connection charges).

    Installing this malware allows hackers to take control of the device. At any attempt to log on to an online banking platform, it will inform the user that additional verification is needed using a one-time authorization code sent to the user’s device by the Bank via SMS. This is an attempt to steal the user’s codes and logon data, which, once obtained by hackers, will allow them to perform unauthorized transactions or change account settings.

    Therefore, to avoid this malware, users should beware of any suspicious requests to provide their one-time authorization codes and should not click on any suspicious links in messages sent by unknown senders. Information about operating system updates is never sent via SMS. Mobile applications should be installed only from a trusted platform such as Google Play or AppStore. To improve device safety, the option allowing app installation from untrusted sources should be switched off.

  • Beware of malware offering additional transaction insurance.

    A new type of malware attacks has been spotted recently targeting the Polish online banking users.

    The malware used by hackers displays a pop-up box after you have logged on to your online banking system. The box states that you may additionally insure the transactions you make online and asks you to add a new account number to your list of predefined payees.

    Please be kindly informed that we do not offer such insurance! You should cease the transaction and notify us immediately of any such attempt since your computer may be infected with malware.

    It is important that you carefully check all the details and the account numbers that you add to your list of predefined payees. Please be reminded that all the transaction details are stated in the SMS One-time Authorization Code that contains:

    • name of the bank
    • transaction details (e.g. name, the last four digits of the account to be added)
    • transaction date
    • code.

    For enhanced security of your computer, please scan it regularly for threats using antivirus software.

  • Beware of fake antivirus software

    A new type of malware has been spotted that may attack the online banking users.

    The malware allows hackers to steal your user name and password as you enter them during the logon process. Once you have logged on to the system, you will be asked to install antivirus software on your mobile phone. To trick the user, attackers may use malware that looks identical to the original online security software of known and popular antivirus software vendors (for example Trusteer Rapport, McAfee, Kaspersky etc.).

    First, the user is asked to select the operating system and then to enter the phone number that he/she uses to confirm the banking transactions. Later, the user receives the SMS containing the link to the fake software. Once the fake software has been downloaded and activated on your computer, the hackers will be able to fully control your device, stealing all your confidential data, including one-time SMS authorization codes.

    Remember, the Bank never sends links to any antivirus software. We recommend installing antivirus software for your mobile device only from official application stores (App Store, Google Play).

    If you believe you have been a victim of a malware attack, please contact Citibank Online at (+48 22) 692 2484.

  • Beware of Dyre malware

    A new type of malware called Dyre has been spotted that may attack the online banking users.

    There are a number of ways your computer can get infected with the malware, including, for example, opening e-mail attachments that direct you to an unwanted site (phishing e-mails). Once the virus has been installed on your computer, the hacker will be able to steal your username and password as you enter them during the logon process.

    While logging on to the online banking system, you may be informed that it will take longer than usual to complete the logon process. During this time the hackers will use your user name and password to make changes and transactions in the system.

    Therefore, beware of emails from unknown senders that contain suspicious attachments or links. If you have received a phishing email, please do not open it - just delete it immediately. Additionally, we recommend you use an antivirus program to make sure your computer is safe.

    If you believe you have been a victim of a malware attack, please contact Citibank Online at (+48 22) 692 2484.

  • Beware of Tinba malware

    CERT Polska has spotted a new wave of malware attacks, mainly Tinba, targeting the Polish online banking users.

    In the new attack scenario, the malware used by hackers changes the number of the account to which you are currently transferring money. The change occurs when you confirm the funds transfer and takes place without any outward signs visible to the user.

    It is therefore important that you carefully check the account number and the funds transfer amount against the confirmation SMS details.

  • Warning! Beware of malware!

    A new wave of malware attacks has been spotted recently targeting the Polish online banking users.

    In the new attack scenario, the malware used by hackers displays a pop-up box after you have logged on to your online banking system. The box states that you may additionally insure the transactions you make online and asks you to add a new account number to your list of predefined payees.

    Please be kindly informed that we do not offer such insurance and you should notify us immediately of any such attempt. It is important that you carefully check all the account numbers added to your list of predefined payees!

  • Important! Do not install e-security certificate!

    Please remember not to install any anti-virus protection software or certificate to use Citibank Online on your computer or smartphone.

    The only way to safely do your mobile banking is to download our Citi Mobile app from App Store, Google Play or BlackBerry App World.

    Users of mobile banking are targeted by ZITMO, malicious software that poses a threat to funds deposited into bank accounts. The victims are urged to install the malicious software or "e-certificate" which enables hackers to access the accounts.

    For more information on the fake anti-virus protection software and e-certificate, please visit CERT's site.

    If, while visiting our websites, you spot any information urging users to install the certificate, please:

    • report the fake site by filling out the form
    • contact Citibank Online support services on (+48 22) 692 2484

    We will take appropriate action to block the fake website and eliminate the source from which the scam e-mails are sent.

    For information on removing malware, please visit CERT's site.

  • Warning! VMZeus!

    The Bank has noticed a new attack scenario carried out by VMZeus malware. In this scenario, the customer is asked, allegedly, to confirm their contact number using a one-time code. In reality, this number is replaced in the system with a number controlled by criminals.

    We recommend paying particular attention to any operations related to changing the contact telephone number in online banking. Substitution of the telephone number may lead to a situation in which the criminal obtains all the information necessary to carry out an unauthorised transaction and transfer financial resources.

    Any suspicious situations should be reported by:

    • filling out the form
    • sending us printed pages via facsimile (+48 22) 692 98 03 or
    • submitting print-outs of pages to any Bank Branch.
  • Android.BankBot.34 - malware

    New malware known as Android.BankBot.34.origin has been observed on the Internet. It can obtain users’ private data from infected devices and, as a consequence, steal funds from online and mobile accounts associated with these devices.

    The following actions can facilitate installation of this type of software:

    • enabling the option to install applications from untrusted sources in the operating system,
    • permitting programme installation by confirming authorisation,
    • adding a programme as "device administrator" in a separate dialog box.

    At the same time, we recommend:

    • not installing on your mobile devices applications from suspicious sources which disable the function allowing for omission of Google Play while downloading software,
    • paying particular attention, while installing an application, to the list of functionalities that the application will access.
  • Banapter — bank account switching

    The Polish Bank Association would like to inform you about a new type of malware known as Banapter. It threatens Customers who use online banking via popular Internet browsers: Firefox, Internet Explorer or Opera.

    Criminals use spam e-mail to infect Customers’ computers. These e-mails reach random recipients, but many of them are also received by customers of Polish banks.

    More information about the threat

  • Fake e-mails

    Fraudsters send fake e-mails urging you to provide confidential information. Such e-mails usually contain attachments and/or request for confidential personal details. They may also contain a link to a fake Citibank Online site which looks almost identical to the proper one.

    In order to provide you with the best customer experience, we sometimes send emails or SMS messages with links to our offers. In this "Security Alerts" section you can find out whether an email or SMS you received is from Citi Handlowy.

    If you receive a scam e-mail claiming to be from Citi Handlowy or Citigroup, we kindly ask you to:

    • report the fake e-mail by one of the bank's contact channels,
    • contact Citibank Online support services on (+48 22) 692 2484.

    When fraudulent activity is reported, the bank, in cooperation with local law enforcement officials, will take appropriate action to block the fake website and eliminate the source from which the scam e-mails are sent.

    If you think you may have provided confidential information in response to such a fake e-mail, you are asked to immediately contact CitiPhone on (+48) 22 362 2484 or 48 22 692 2484.

  • Trojans and Keyloggers

    Malware such as trojans and keyloggers can be secretly installed on your PC. This software enables hackers to see the text you type on your computer or scan your computer in search of credit card or bank account information, as well as spy on your Internet habits and behavior.

    Malware may be delivered as hidden code within a website, an email or an email attachment. Therefore it is essential that you regularly update the anti-virus software and firewalls installed on your computer.

    If your anti-virus software detects and removes a trojan horse, please remember to immediately change your Citibank Online user name and password.

  • Updating your web browser

    Internet users were informed some time ago of a security gap in the popular Internet Explorer web browser. The gap can let an attacker take control of a computer if the user clicks on a link to a malicious website. Therefore you should immediately update your Internet Explorer browser using the Microsoft website.

  • Copyright © 2023 Bank Handlowy w Warszawie S.A.