Alert iconWarning: Unsupported web browser

In View no longer supports your current web browser version, which means some functionality may be limited. Please update your browser for the best experience before you log in.

close icon
Citi Private Bank logo

Unsupported browser

Our website no longer supports your current web browser version, which means you are no longer able to access this website. Please update your browser to continue.

Cash management
April 30, 2020
2 mins

Defending against cybercriminals amid the pandemic

April 30, 2020
2 mins
Jake Norwood
Global Head of Cyber Security Fusion Centre
Danielle Meah
Global Head of Cyber Threat Intelligence
man typing on laptop

Cybercriminals are trying exploit the COVID-19 pandemic. Applying some simple rules can help protect against such attempts.

The COVID-19 pandemic has brought out the best in many people. Around the world, communities have come together. They have practiced social distancing, showed solidarity with the victims of the virus, and publicly displayed their gratitude to front-line workers. Inevitably, however, there are a few unfortunate exceptions. As some selflessly risk their lives for the greater good, cybercriminals appear to continue their phishing attempts.

Phishing is a fraudulent attempt by cybercriminals to try to obtain sensitive information from victims by impersonating a legitimate business, organization, or person. These phishing emails usually contain malicious attachments or links that can download malware or redirect victims to malicious sites where the cybercriminals are seeking to steal users’ data, such as account credentials, financial information or social security numbers.

In many ways, this should come as no surprise. The COVID-19 pandemic creates new themes and opportunities for cybercriminals. Importantly, the subject of COVID-19 itself may provide a good hook in fraudulent communications. After all, we may be more likely to open emails that seemingly contain information, advice or appeals in relation to the pandemic.

Perhaps the best overall guidance is to check electronic communications even more rigorously than usual. Among the specific red flags we recommend to Citi Private Bank clients to be aware of include:

  • Sense of urgency: Emails marked with the threat of compromise, urgency, or potential loss or gain within a short time period should be examined closely. Malicious actors use intimidation as a tactic to solicit a response out of fear or panic.
  • Account information validation: Links are often included in a phishing email that leads to a legitimate-looking website that prompt victims for usernames, passwords, account numbers, and security questions. There may be a stated password change or verification required.
  • Misleading domain names: By adjusting a web address, bad actors try to make a website seem legitimate. Users are likely to click on a link containing the name of the company in question, as they aren’t familiar with how a web address is constructed.
  • Poor spelling and grammar: Organizations want continued business, knowing a great deal depends on the way they present themselves to others. Bad spelling or improper grammar suggest the writer does not speak the language fluently and is not representing a legitimate company.
  • Only logging in to accounts via the official website or app.
  • Always contact your Private Banker immediately to verify any Citi Private Bank email or other message you find suspicious.

Amid the worst global pandemic for over a century, it is only natural that our first thoughts are with the health of our loved ones and helping others. Nonetheless, it is also important to protect our data and finances from those who are cruelly trying to exploit the situation. Stay safe and stay vigilant.


See our insights and the issues that matter for your wealth.

View all insights


See our insights and the issues that matter for your wealth.

View all insights
Close Modal

You're about to leave the Citi Private Bank website

By clicking continue, you will visit a third-party website that is not owned or managed by us. We have no control of the content, privacy or security beyond this point.Continue

Stay on this page