September 21, 2022

How to spot and avoid prevalent financial scams in the digital age

September 21, 2022
Alejandro Serrano
Citi Private Bank Global Cyber Security Co-lead
Matthew Rhodes
Citi Private Bank Global Cyber Security Co-lead

Contemporary fraudsters often perpetrate scams via phone, text or email. Exercising caution and following simple safety tips could help you spot and avoid these common cons.

Deception for financial gain is as old as the hills. Perhaps the earliest recorded example comes from Ancient Greece, when a merchant conspired to sink an empty ship in an insurance-related scam. Not only did this 300 B.C. fraudster fail, but his angry crew chased him to a watery demise.

The ongoing advance of digital technologies has opened many new opportunities for contemporary confidence tricksters. Unlike their predecessor of over two millennia ago; however, cyber fraudsters are not risking life and limb if their scheme goes awry. Indeed, they don’t even need to be on the same continent as their prey.

But just as the dishonest Ancient Greek merchant’s trickery was foiled thanks to the vigilance of others, you too can use awareness to help defeat many of today’s sophisticated cyber-swindles. Scams vary in nature and tactics. Here we outline three types of scams and what to do in the event of an attack.


The telephone is hardly state-of-the art technology, nor is its use in fraud especially novel. However, digitalization has nonetheless created new possibilities for cyber criminals. “Vishing,” or voice phishing, involves masquerading as a trusted or reputable organization over the phone in a bid to extract money or sensitive data.

Typical vishing attempts include calls telling you that you have outstanding liabilities on your account with a supplier or the tax authorities, that you’ve won a prize or that your bank account has been compromised. The common factor tends to be creating a sense of urgency, such that you do what the criminal says there and then.

The digital element takes various forms. Some vishers use a phone number that vaguely resembles that of a legitimate organization, just with a few digits changed. If they are seeking an instant payment, digital payments platforms are critical. Finally, criminals targeting your information often seek passwords or other details that will enable to them to compromise your online accounts.

What to do if you’re unsure: When in doubt, always verify. Your best course of action is to call the organization that has supposedly called you but using a number you know to be genuine rather than any number given to you during the suspicious call. Ensure you hang up the phone properly first, waiting 15 seconds until the line is fully disconnected and then another 15 seconds before beginning the new call. Alternatively, use another device to call.


Despite the ubiquity of mobile phones in everyday life, voice calls are losing popularity overall. Younger consumers prefer communicating via text messages. “Smishing” cons perpetrated by way of short message service (SMS) and equivalents are burgeoning. Like vishing, smishing also involves criminals pretending to be from an organization you trust to misappropriate your personal information or funds. Again, there is almost always a call to immediate action like claiming a prize or discount offer by text message. The mechanism typically involves clicking on a compromised internet link within the message, calling a number, as well as verifying new payees, transactions or devices. The fake text is often sent from hidden mobile numbers.

What to do when unsure: If you believe you have received a smishing attempt, do not tap any links, download attachments in the message, or reply from your device. Simply mark as spam, block the number, delete the text message, and alert the impersonated organization using a phone number or contact information you know to be genuine.


Vishing and smishing are widespread and costly to their victims. Email phishing, however, is the most prevalent variation of this scam. Again, the communication will be dressed up to look like it has come from a legitimate source, such as a financial or payments provider, an online retailer or the tax authorities.

The phishing email will likely encourage you to click on a website link, compel you to take urgent action or threaten to freeze your account if you don’t respond. It may even claim that you are either owed or owe money and ask you to give confidential or security information. It may also include instructions to reply or for you to verify your account, for instance completing a form attached to or embedded in the email.

Like most other organizations, Citi will never request your login credentials over email.

What to do when unsure: Take it slowly. Scrutinize the sender’s email address, not just the sender’s name. Very often, the domain name will be different to that of the trusted source it purports to come from. Look out for spelling mistakes, grammatical errors and poor presentation. These are often telltale signs of a scam communication.

Never click any links or download any attachments. Mark the email as spam and immediately delete from your mailbox. Finally, report the fraud to the organization mentioned using contact details you know to be genuine or visit their website.

Contact us

To help put you in touch with the right Private Bank team, please answer the following questions.