|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
As we approach the holiday season, please be aware that cyber-attacks may increase as your organization is preparing for the holidays and you may have reduced staffing at hand. It is important to remain vigilant and ensure your staff are aware of, and adhere to, your organization's security policies and procedures.
Over the holiday season, cyber-attacks may increase, exploiting temporary shortfalls in staffing that typically result from employees taking vacations. Citi recommends that you closely monitor your company's account activity and keep your systems updated with the latest patches and anti-virus software. With workplaces becoming more mobile, there are also additional risks with connecting mobile devices such as laptops and phones to public networks. Staff should be reminded to adhere to your organization’s security policies and procedures to combat fraud, including being aware of key escalation contacts should they observe any suspicious activity. In particular, employees should exercise caution when receiving emails from external and unknown sources, requests to change or add new account numbers, requests to pay invoices early, or other unusual requests.
In particular, we have observed the following trends:
|
|
|
|
Centered around news or holiday season events, emails that lure potential victims to click on malicious links, or open malicious attachments which can serve as the delivery platform for malware such as a Ransomware attack.
|
|
|
A form of fraud using social engineering to impersonate trusted officials over the phone or via text message. One example of vishing is criminals impersonating bank staff by phone, and requesting the victim’s online banking login details and passcodes to address a fictional ‘security or fraud incident’. The details provided by the victim are used to execute fraudulent payments.
|
|
|
Business Email Compromise
|
A long-standing scheme that exploits executive email accounts to execute fraudulent payments, continues to grow and evolve. In many recent cases, email is used by fraudsters to impersonate a legitimate supplier.
|
|
|
|
|
|
|
|
Citi Cyber Security Toolkit
Now available on Citi's Knowledge Exchange Center, the toolkit provides a range of resources to assist you in your efforts to protect your organization from cyber criminals. Explore the toolkit to keep up to date with some of the latest trends and threats, read practical guidance on the red flags to look out for, and learn what you can do in the event of fraud, such as:
|
|
|
|
|
Enhanced Login Experience with CitiDirect Mobile Token & Biometrics
CitiDirect Mobile Token
enables your organization’s users to
authenticate
their
identity
with simplicity and speed to
securely
access CitiDirect on their
computer or mobile app.
Combined with CitiDirect biometric
authentication,
it offers a
convenient
way to login to CitiDirect.
To learn more about
CitiDirect Mobile Token and Biometrics Login*,
access the resources below:
If you have questions or require additional information, please contact your Citi Representative.
|
|
|
|
|
Treasury and Trade Solutions
© 2022 Citigroup Inc. All rights reserved. Citi, Citi and Arc Design and other marks used herein are service marks of Citigroup Inc. or its affiliates, used and registered throughout the world.
Contact your Citi® Representative for more information. This is an automatically generated email, please do not reply.
United States: If you do not wish to receive this email please click [Response: Subscribe to List]. Citibank, N.A. 388 Greenwich Street, Attn: ACASH - TTS Marketing, New York, NY 10013
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|