I received the below email phishing scam spoofing Citibank. Along with running Light Point Security, I’m also a government employee.

Citibank Phishing Email Scam Linking to Malicious digikad.ro

The subject of the Citibank email scam is “Message ID: 72195”. As soon as I saw that subject line, I knew it was a scam, because it’s too generic. I wanted to get more information about this phishing scam, so I opened the email using Light Point Web to avoid downloading any malware.

The email says it is from “Citibank – Service” and the email address associated with that account is citibank.service@serviceemail.citibank.com. The body of the email message says, “You have received an urgent system message from the Citibank Department. To read your message, please, go to your account immediately.” You’d think that for such an urgent message they would have taken the time to provide a more descriptive subject line.

The link in the scam email points to the Romanian domain online.citibankcom.US.JPS.portal.Index.do.jTgFfNULSY.digikad.ro.

Citibank Email Phishing Scam Malicious Domain digikad.ro

The Norton site rating for digikad.ro identified 4 identity threats on the phishing site. Norton defines identity threats as items such as spyware or keyloggers that attempt to steal personal information from your computer.

Norton Rating For Malicious digikad.ro Domain of the Citibank Phishing Email Scam

How to Protect Yourself From Phishing Scams

Here are 4 things you can do to protect your identity, and personal information, from malicious phishing email scams.

  • If you receive an email message claiming to be from Citi, or Citibank, with the subject line Message ID: [set of two numbers here], do not open it, and delete it right away.
  • If you receive an email message from Citi, or Citibank, and are not sure if it’s a legitimate message, call Citi to confirm the email. Your account has a log of the email messages Citi has sent you. The Citi representative can tell you if they’ve sent you any recent emails. Citi’s 24 hour customer service number is 1-866-670-6462.
  • If you mistakenly open the email message, and it states that you need to check your Citi messages, or inbox, open up a new browser window and login directly to your Citi account. Never click on a link in these email messages. If after logging in to your online account, you don’t have any recent messages from Citi, you can be sure the email you received is a phishing scam. Delete it immediately.
  • If there is a link in an email message you are unsure about, hover over the link and look at what the status bar tells you. If the URL shown in the status bar isn’t for the website you’re expecting, it’s likely a phishing scam. In this Citibank scam email the link points to the digikad.ro website, not a legitimate Citi website. Note that the scammers tried to make it look like a legitimate Citi website by including citibankcom as part of the URL. Also notice the strange http-like characters at the beginning of the URL.

Malicious Citibank Email Phishing Scam Expanded Domain With Explanation

Citi will never ask you for your password, or to update personal information via email. If you receive a suspicious email claiming to be from Citi, or Citbank, forward it to submitphishing@citi.com.

Have you received similar phishing emails claiming to be from Citi? Let us know.