Citibank Statement on Email Scam

August 24, 2003

Citibank is working with law enforcement to aggressively investigate a fraudulent email that has been sent as spam to numerous email addresses. Although the email appears to come from Citibank with a subject line reading "Private message from Citibank", it does not, and Citibank is in no way involved in the distribution of this email. The email tells recipients to click on a link that takes them to a site that appears to be Citibank's and is a copy of the Citibank Online login page. If you have received this mail and logged on via this link, please call our customer service center at 1-800-374-9700 immediately.

August 18, 2003

Citibank is working with law enforcement to aggressively investigate a fraudulent email that has been sent as spam to numerous email addresses. Although the email appears to come from Citibank regarding "Your Checking Account at Citibank," it does not, and Citibank is in no way involved in the distribution of this email. The email tells recipients that their Citibank Checking Account will be suspended unless they accept new Terms and Conditions and directs them to a site that appears to be Citibank's. The fraudulent site requests the customers' name and the first 4 digits of their ATM card number.

Citibank urges recipients of this email to delete it immediately. Citibank does not ask customers to provide sensitive information in this way. Customers who receive suspicious email purporting to be from Citibank are encouraged to report it to customer service at the number listed on their ATM card. Citibank's systems have not been compromised in any way.

Please understand that we are unable to reply to individual emails on this issue. Rest assured that we are using all available information in this important investigation.

Below are some good general tips to help educate consumers about online security.

• Leave suspicious sites. If you suspect that a website is not what it purports to be, leave the site immediately. Do not follow any of the instructions it presents.

• Be alert for scam e-mails. These may appear to come from a trusted business or friend, but actually are designed to trick you into downloading a virus or jumping to a fraudulent website and disclosing sensitive information.

• Don't reply to any e-mail that requests your personal information. Be very suspicious of any e-mail from a business or person that asks for your password, social security number, or other highly sensitive information.

• Do business only with companies you know and trust.

• Be aware! Phony "look alike" websites are designed to trick consumers and collect their personal information. Make sure that websites on which you transact business post privacy and security statements, and review them carefully.

• Open e-mails only when you know the sender. Be especially careful about opening an e-mail with an attachment. Even a friend may accidentally send an e-mail with a virus.

• Be careful before clicking on a link contained in an e-mail or other message. The link may not be trustworthy.

• Do not send sensitive personal or financial information unless it is encrypted on a secure website. Regular e-mails are not encrypted and are more like sending a post card. Look for the padlock symbol on the bottom bar of the browser to ensure that the site is running in secure mode BEFORE you enter sensitive information.

• Use strong passwords or personal identification numbers (PINS) for your Internet accounts. Choose passwords that are difficult for others to guess, and use a different password for each of your accounts. Use both letters and numbers and a combination of lower case and capital letters if the passwords or PINS are case sensitive.

• Make sure your home computer has the most current anti-virus software. Anti-virus software needs frequent updates to guard against new viruses. Make sure you download the anti-virus updates as soon as you are notified that a download is available.

• Install a personal firewall to help prevent unauthorized access to your home computer. This is especially important if you connect to the internet via a cable modem or a digital subscriber line (DSL) modem.