Security threats on the internet

You will find up-to-date news on threats on the web in messages published by the Polish Bank Association (ZBP) and on the CERT site.

Please report any suspicious situations to CitiService by calling:
(22) 690 19 81 or 801 24 84 24 or by sending a message to

Below we present the most frequent security threats.

Fake e-mail messages (phishing)

Beware of e-mail messages sent by fraudsters who are impersonating employees of Citi Handlowy, other banks and financial institutions or providers of anti-virus software. They usually contain attachments and/or a request for confidential data or for installation of some additional software (e.g. a fake anti-virus program). Such a message may also include a link to a fake site of the CitiDirect service, which is almost identical with the genuine site.

If you receive any suspicious e-mail message which suggests any connection with our Bank or Citigroup, please immediately notify the Bank.

E-mail messages containing malicious software

Beware of malicious software sent in e-mail messages. Do not open any attachments, do not click on any links in messages from senders you don’t know. Even if an attachment is from a person you know scan it first with your anti-virus software.

Software which swaps account numbers

We have to warn you about software which can secretly swap bank account numbers (e.g. Banapter and Banatrix viruses). Such software is a threat to Clients who use the most popular web browser to access their online banking services: Firefox, Internet Explorer, Chrome or Opera. During an attack such malicious software is going through the process memory of the web browser to find the sequence of digits corresponding to the bank account number in order to replace it for an account number substituted by the criminals.

To infect a Client’s computer, criminals use spam distributed as e-mail messages.

Malicious mobile software

Apart from viruses which infect computers, there are also various types of malicious mobile software that can be met on the Internet and which can steal user data from infected devices and, as a result, funds from internet and mobile accounts connected with such devices. These are such program as: Android.BankBot.34.origin, iBanking, Zitmo. Some of them pretend to be free anti-virus scanners (e.g. offered under the name “Ant-Virus PRO”) or security certificate (e.g. “E-Security”), or impersonate well-known providers of anti-virus software.

As security measures against malicious mobile software we recommend the following steps:

  • In the settings of your device, block the possibility to install applications from untrusted sources.
  • Do not accept the installation of any application without prior verification of the entitlements and access to functionalities it requires.
  • Do not add application as "device administrator."
  • Do not install on mobile devices any applications which turn on the option which allows bypassing official stores (Google Play, AppStore and Windows Store) when downloading software (“Unknown Sources” option).

Trojans and keyloggers

Criminals often use spy software (keyloggers and Trojans) which can be secretly installed on a User’s computer.

Such software intercepts information entered on the keyboard or goes through the content of a computer to find credit card or bank account data and trace our behaviour on the Internet.

Spy software may be part of a website code, an e-mail message or its attachments. Therefore it is extremely important to use a trusted and updated anti-virus program and firewall, which help protect you from the inadvertent opening of infected component from the installation of such software.