Citi Private Bank

Our website no longer supports your current web browser version, which means you are no longer able to access this website. Please update your browser to continue.

Sign in

System Outage
Citi Private Bank logo

Language Notification

Please be advised that future verbal and written communications from the bank may be in English only. These communications may include, but are not limited to, account agreements, statements and disclosures, changes in terms or fees; or any servicing of your account.

Por favor, tenga en cuenta que es posible que las comunicaciones futuras del banco, ya sean verbales o escritas, sean únicamente en inglés. Estas comunicaciones podrían incluir, entre otras, contratos de cuentas, estados de cuenta y divulgaciones, así como cambios en términos o cargos o cualquier tipo de servicio para su cuenta.

Informamos que as futuras comunicações do banco, verbais e escritas, podem estar disponíveis apenas em inglês. Essas comunicações podem incluir, entre outras, acordos de conta, extratos de conta e divulgações, alterações aos termos ou tarifas, ou qualquer tipo de serviço pertinente à sua conta.

仅此通知,本行即日起发出的口头及书面通信可能将只提供英文版本。这些通信可能包括但不限于账户协议,账单和通知,条款或费用变更;或任何为您账户提供的服务。

Please be advised that future verbal and written communications from the bank may be in English only. These communications may include, but are not limited to, account agreements, statements and disclosures, changes in terms or fees; or any servicing of your account.

Por favor, tenga en cuenta que es posible que las comunicaciones futuras del banco, ya sean verbales o escritas, sean únicamente en inglés. Estas comunicaciones podrían incluir, entre otras, contratos de cuentas, estados de cuenta y divulgaciones, así como cambios en términos o cargos o cualquier tipo de servicio para su cuenta.

Informamos que as futuras comunicações do banco, verbais e escritas, podem estar disponíveis apenas em inglês. Essas comunicações podem incluir, entre outras, acordos de conta, extratos de conta e divulgações, alterações aos termos ou tarifas, ou qualquer tipo de serviço pertinente à sua conta.

仅此通知,本行即日起发出的口头及书面通信可能将只提供英文版本。这些通信可能包括但不限于账户协议,账单和通知,条款或费用变更;或任何为您账户提供的服务。

Stay-vigilant-against-cyberattacks-during-the-holiday-season

Perspectives

Stay vigilant against cyberattacks

Michael Zinkowski

By Michael Zinkowski

Head of Banking & Treasury Management Sales and Advisory - Americas

December 4, 2020Posted InTreasury management

Dependency on digital communications has become widespread, and this certainly holds true within treasury and finance functions. With nearly all organizations now employing remote working arrangements in response to the pandemic, the scale and extent of the remote environment place unprecedented pressure on internet, remote access, and connectivity infrastructure. Now more than ever, organizations need to build their cyber resilience.

Payments Fraud & Cyber Incident Response Speed is of the Essence

Since the start of the pandemic, there has been a proliferation of COVID-19 themed phishing and spear phishing campaigns, man-in-the-middle (mitm), malspams, ransomware, distributed denial of service (DoS), and fraudulent websites. Cybercriminals are becoming increasingly creative in seeking access to networks and finding new ways to exploit users and technology to access passwords, data, and confidential information. Current statistics highlight that cybercrime has increased significantly due to the COVID-19 pandemic and other major events, and the vast majority of cyberattacks deploy social engineering methods, often delivered by email.[1]

Business Email Compromise (BEC) continues to be a key source of cyber incidents, responsible for attempted or actual payments fraud attempts, which could provide a direct monetary threat to any organization. According to the 2020 AFP Payments Fraud and Control Report, Accounts Payable and Treasury departments are most vulnerable to being targeted by BEC fraud.[2] On April 6, the FBI published a press release suggesting BEC using COVID-19 themes will increase.

BEC scams typically target individuals who perform fund transfers. The fraudster impersonates a normal business contact and requests funds be sent to a new or alternative account. The cybercriminal can either compromise a legitimate email account or create a spoofed version of the account in order to convince the victim. COVID-19 is a common rationale used for this type of fraud because it can provide a sense of urgency to victims and a logical explanation for account changes.

Citibank, N.A., November 2020

 

We encourage you to remain vigilant of suspicious activity, and consider the below best practices to minimize your organizations risk:

  • Train Staff to Identify and Mitigate Risk

Ensure that your staff know their role in response to fraud and cyber events. In the current environment, we urge clients to beware of emails that claim to provide information on COVID-19, as these may be sent by cybercriminals to entice recipients to open malicious links or attachments. In addition, staff should always call on a previously known phone number to verify payments instructions received via email. Citi's Guidance on Combatting Fraud is a good resource to help prepare your team to spot red flags and mitigate risk. We recommend clients review their incident management processes in light of many changes to work environments in response to COVID-19.

  • Combat Payments Fraud

In a recent article, we shared suggestions to help combat payments fraud. Along with ongoing communication, training, and strengthening internal processes, it is critical to work closely with your banking partners to implement best practices, such as segregated payable and receivable accounts, and banking fraud protection and detection tools, including Automated Clearing House (ACH) Debit Blocks and Filters, and ACH and Check Positive Pay with Payee Name Verification. It is also important to evaluate and consider electronic or automated payment methods as an alternative to paper, to help reduce fraud risk.

  • Schedule a Relationship Review with Your Bank

In a recent article, we suggested topics to discuss at your Relationship Review, including your organizations security setup and related services, such as: account rationalization, system user entitlement / administrator review, and fraud prevention.

  • Increase your online security

To maximize your online security, combine fraud protection tools and services from your bank provider with employee training on risk mitigation:

 Citibank, N.A., November 2020

 

  • Secure employees remote-work environment

With residential internet via consumer services providers becoming the primary way for treasury and finance staff to connect to business networks, cyber criminals are exploiting network weaknesses and penetrating system defenses. As it is common for employees to overlook basic controls when working from home, our cyber security experts suggest educating your employees on how to make their remote-working environment more secure. Consistently remind employees how to implement suitable secured arrangements in their "home" workspace in case of potential cyber-attacks and avail them of support. This will help ensure the business continues to operate as efficiently and safely as possible.

 

Citibank, N.A., November 2020

One of the best offenses is a good defense. Prevention, detection and rapid response to cyber security attacks extend beyond technology to encompass people and processes. It is important for treasury offices to conduct a review of their existing process and assess what is needed to effectively prevent and mitigate cyber security threats in light of recent market disruption.

To discuss strategies to help mitigate risk and strengthen your cyber security, please contact us.

Contact us

 

[1] PurpleSec 2020 Cyber Security Statistics

[2] 2020 AFP Payments Fraud and Control Report