Security

Security

Security threats on the internet

You will find up-to-date news on threats on the web in messages published by the Polish Bank Association (ZBP) and on the CERT site.

In case of any suspicious situations please report immediately to CitiService by calling: (22) 690 19 81 or 801 24 84 24 or by email to citiservice.polska@citi.com.
CitiService Advisors are available from Monday to Friday, from 8 am to 5 pm. After these hours please send an email to the following address: alert.fraud@citi.com

Below we present the most frequent security threats.

Business Email Compromise (BEC)

Business Email Compromise (BEC) is a type of attack in which criminals send fraudulent e-mails or invoices with a payment request, usually impersonating a person known from previous business contacts, e.g. a contractor.

  When it happens:

  • Fridays or holiday seasons, e.g. Christmas
  • By the end of the working day
  • Popular absence seasons, e.g. summer or winter holidays, long weekends, bank holidays

  How it happens:

  • INVOICE
    Fake supplier invoice with a new account number
  • PAYEE CHANGE
    Business contact requests for payments to be made to a new account
  • EXECUTIVE
    Payment request from an internal senior manager
  • REAL ESTATE
    Changes to a beneficiary account during a property purchase or sale

  How to avoid threats?

Particular attention should be paid to the processes of handling transfers and document circulation in the company.

  • We recommend using the "callback" method, i.e. calling back the contractor, who is indicated in writing, in the invoice or in an e-mail, using the contact details available within the company. The change of the counterparty's account should be supported by additional verification (e.g. confirmation by phone with the counterparty, cover letter signed by persons authorized by the counterparty, preferably with the use of an electronic signature). Modification based on received e-mail may result in loss of funds.
  • Electronic invoices (PDF files, images, scans) should always be verified for correctness – in particular, a bank account. Any differences should be cleared with the contractor to avoid sending payments to criminals' accounts.
  • Regular daily verification of bank accounts, statements and account operations should be an ongoing practice for businesses.
  • We also propose using Citi Payment Outlier Detection intelligent payment verification – an advanced analytical tool that helps identify transactions that differ significantly from previous trends. Detailed information on the operation of Citi Payment Outlier Detection can be found at: https://www.citibank.pl/poland/corporate/english/citi-payment-outlier-detection.htm

  In the event of any suspicions of fraud, we recommend urgent contact with the bank to minimize the risk of losing funds.

Fake e-mail messages (phishing)

Phishing is one of the most popular types of attacks based on e-mail or SMS messages. Hackers take advantage of our emotions and needs, and pretend to be courier companies, administration offices, telecommunications operators, or even our friends. They try to obtain our login details, e.g. for bank accounts or the social media accounts we use, or business systems.

Phishing messages are prepared by cyber criminals to make them appear genuine. They may try to trick you into revealing confidential information, contain a link to a website spreading malware.

  How do I spot a phishing e-mail?

  • You will receive communications asking for the disclosure of personal information, usually via e-mail, instant messaging, or via a website.
  • Many phishing messages have incorrect grammar, punctuation, spelling, or lack Polish diacritics, e.g. "ą", "ę" etc. are not used.
  • Check that the e-mail comes from the organization that the sender refers to. Often the sender's e-mail address is completely unreliable, or it is not the same, for example, with the signature under the content of the e-mail.
  • Assess whether the overall quality of the e-mail looks like it may come from the organization / company the e-mail should come from, e.g. logos used, footers with the sender's details, etc.
  • Check if the email is addressed to you by name or refers to a "valued customer", "friend" or "colleague".
  • Be suspicious of words such as "send this information within 24 hours" or "you have been a victim of a crime, click here immediately".
  • Your bank or any other institution should never ask for your e-mail personal details.
  • Public administration offices never ask you by SMS or e-mail to pay for a vaccine or to settle taxes.
  • Check all commands or questions in the e-mail message, for example by calling to the bank asking if such a message was actually sent to you.
  • Pay attention to links also passed between friends, check if the link actually leads to the right page.

Telephone spoofing

Telephone spoofing is impersonating the caller at other numbers so that they can then call victims and pretend to be someone else.

  • Fraudsters call random people pretending to be bank consultants and tell various stories to manipulate the interlocutor and get into his account. The victim of spoofing is convinced that he is talking to the bank's hotline, because such a number was displayed on the phone screen.
  • The fraudster first tries to scare the interlocutor into acting under the influence of emotions, most often informs him about an alleged hacking into a bank account and the need to take quick action to block the possibilities of burglars. The victim is convinced that he or she is talking to the bank's hotline, an office worker or a policeman.
  • Most of the interviews, however, contain two elements: time pressure and the feeling of being threatened. Usually, scammers persuade victims to transfer money to a given account or install an application that allows them to take control over the caller's phone or computer, and consequently over their account. Any telephone request for money or bank details should be viewed as fraudulent.
  • The police urge us to be careful with this type of contacts and to verify the identity of the people who call us.

  How to protect yourself?

  • Never give your internet banking login and password over the phone.
  • Never install additional software to improve the availability of banking services. Mobile banking applications are an exception, but information about them is available on banks' websites;
  • Ask the interlocutor to give their name and surname, if he did not give them himself, and make a note of the telephone number from which he is calling.
  • Under no circumstances should you transfer the codes from the authorization SMS by phone. SMS messages are used to confirm transfers or add new trusted devices to your online banking.
  • Carefully read the text of the SMS you receive from us to know what exactly they refer to!
  • Without a well-argued reason, do not give your PESEL number over the phone.
  • Also, be cautious if the interlocutor puts pressure on you. Scammers often suggest that everything they ask for must be done as quickly as possible. It is much easier to make ill-considered decisions in a hurry.
  • When answering the phone, you should remember that the number displayed on the screen (or the name of the institution, if it was previously saved in the contacts) does not mean for sure that someone is calling from there.

  If you have doubts about the authenticity of the connection:

  • Hang up / hang up the handset – make sure you hang up.
  • Call your Bank / operator or the Police.

Ransomware

Ransomware is malware that locks your computer and mobile devices or encrypts your electronic files, demanding that a ransom is paid through certain online payment methods (and by an established deadline) in order to regain control of your data. It can be downloaded through fake application updates or by visiting compromised websites. It can also be delivered as email attachments in spam or dropped/downloaded via other malware (i.e. a Trojan). It is a scam designed to generate huge profits for organised criminal groups:


  To prevent and minimize the effects of Ransomware, we recommend that you take the following actions:

  • UPDATE YOUR SOFTWARE REGULARLY

    Many malware infections are the result of criminals exploiting bugs in software (web browsers, operating systems, common tools, etc.). Keeping these up to date can help to keep your devices and files safe.
  • USE ANTI-VIRUS SOFTWARE

    Install and keep anti-virus (AV) and firewall software updated on your devices. AV can help keep your computer free of the most common malware. Always check downloaded files with AV software.
  • BROWSE AND DOWNLOAD SOFTWARE ONLY FROM TRUSTED WEBSITES

    Use official sources and reliable websites to keep your software patched with the latest security releases. Always use the official version of software.
  • REGULARLY BACK UP THE DATA STORED ON YOUR COMPUTER

    Full data backups will save you a lot of time and money when restoring your computer. Even if you are affected by Ransomware, you will still be able to access your personal files (pictures, contact lists, etc.) from another computer. There are a number of high quality data backup solutions available on the internet for free.
  • CONSULT YOUR ANTI-VIRUS PROVIDER ON HOW TO UNLOCK AND REMOVE THE INFECTION FROM THE DEVICE

    There are numerous official websites and blogs with instructions on how to safely remove this type of malware from your electronic devices. Always consult www.nomoreransom.org to check whether you have been infected with one of the Ransomware variants for which there are decryption tools available free of charge.
  • REPORT IT

    If you are a victim of Ransomware, report it immediately to your local police and the payment processor involved. The more information you give to the authorities, the more effectively they can disrupt the criminal infrastructure.

  REMEMBER:

  • DON’T CLICK ON ATTACHMENTS, BANNERS AND LINKS WITHOUT KNOWING THEIR TRUE ORIGIN

    What looks like a harmless advertisement or image can actually redirect you to the website from where the malicious software is downloaded. The same can happen when opening attachments in emails received from unknown sources.
  • DON’T INSTALL MOBILE APPS FROM UNKNOWN PROVIDERS/SOURCES

    Always download from official and trusted resources only. In the settings of your Android device, always keep the option “Unknown sources” disabled and the “Verify Apps” option checked.
  • DON’T TAKE ANYTHING FOR GRANTED

    If a website warns you about obsolete software, drivers or codecs (programs that encode and decode your data) installed on your computer, do not fully trust it. It is really easy for criminals to fake company and software logos. A quick web search can tell you if your software is really out of date.
  • DON’T INSTALL OR RUN NON-TRUSTED OR UNKNOWN SOFTWARE

    Do not install programs or applications on your computer if you do not know where they come from. Some malware installs in background programs that try to steal your personal data.

Securing Your Home Network

Home network security refers to the protection of a network that connects devices to each other and to the internet within a home.

These days, electronics such as smart TVs, tablets, cell phones, and wearables are linked through the internet. Taking proactive measures to protect our home networks and devices may keep family members more secure when utilizing the world wide web.

  Home Network and Device Misconceptions:

  • MY HOME NETWORK IS NOT A TARGET OF A CYBER ATTACK

    A cyber attack can happen to anyone and anywhere. Connecting unprotected devices to the internet may make them vulnerable.
  • NEW DEVICES ARE SECURE RIGHT OUT OF THE BOX

    Leaving factory settings and passwords unchanged may create opportunities for cyber attackers to gain unauthorized access to your devices.

  How avoid threats:

  • SETUP WIRELESS SECURITY

    Create strong network passwords for your routers and choose the strongest encryption protocols available such as WPA2, AES, TKIP. If the router is provided by your service provider, verify strong encryption is used and change the default router passwords
  • CREATE A GUEST PASSWORD

    Some routers allow the setup of separate guest passwords. If you have visitors at home, setup a special password to protect your private network.
  • RECONFUGURE DEFAULT SETTINGS

    Ensure strong encryption and strong passwords are used with out-of-the-box software and hardware. Verify your device’s firmware is up to date. Refer to the manufacturer’s user manual for additional instructions.
  • INSTALL A NETWORK FIREWALL

    A firewall can block malicious traffic going to your home network and alert you to possible cyber threats.
  • INSTALL AND UPDATE ANTIVIRUS PROTECTION

    Keep the protection current so it scans for the most recent dangers intended to cause harm to your network and devices.
  • PROTECT ALL DEVICES CONNECTED TO THE INTERNET

    Establish passwords, PINs, or other advanced safety measures (if available) for internet enabled devices. Back-up and store important information often.
  • MOVE OR DISCONNECT HOME DEVICES

    During business meetings / conversations, you should ensure voice enabled smart home devices are not within listening range and ensure your computer screen is out of the field of view of video recording devices.

E-mail messages containing malicious software

Beware of malicious software sent in e-mail messages. Do not open any attachments, do not click on any links in messages from senders you don’t know. Even if an attachment is from a person you know scan it first with your anti-virus software.

Software which swaps account numbers

We have to warn you about software which can secretly swap bank account numbers (e.g. Banapter and Banatrix viruses). Such software is a threat to Clients who use the most popular web browser to access their online banking services: Firefox, Internet Explorer, Chrome or Opera. During an attack such malicious software is going through the process memory of the web browser to find the sequence of digits corresponding to the bank account number in order to replace it for an account number substituted by the criminals.

To infect a Client’s computer, criminals use spam distributed as e-mail messages.

Malicious mobile software

Apart from viruses which infect computers, there are also various types of malicious mobile software that can be met on the Internet and which can steal user data from infected devices and, as a result, funds from internet and mobile accounts connected with such devices. These are such program as: Android.BankBot.34.origin, iBanking, Zitmo. Some of them pretend to be free anti-virus scanners (e.g. offered under the name “Ant-Virus PRO”) or security certificate (e.g. “E-Security”), or impersonate well-known providers of anti-virus software.

  As security measures against malicious mobile software we recommend the following steps:

  • In the settings of your device, block the possibility to install applications from untrusted sources.
  • Do not accept the installation of any application without prior verification of the entitlements and access to functionalities it requires.
  • Do not add application as "device administrator."
  • Do not install on mobile devices any applications which turn on the option which allows bypassing official stores (Google Play, AppStore and Windows Store) when downloading software (“Unknown Sources” option).

Trojans and keyloggers

Criminals often use spy software (keyloggers and Trojans) which can be secretly installed on a User’s computer.

Such software intercepts information entered on the keyboard or goes through the content of a computer to find credit card or bank account data and trace our behaviour on the Internet.

Spy software may be part of a website code, an e-mail message or its attachments. Therefore it is extremely important to use a trusted and updated anti-virus program and firewall, which help protect you from the inadvertent opening of infected component from the installation of such software.