​ ​ ​ ​ čeština | 简体中文 | 繁體中文 | English | Español | Français | Bahasa Indonesia 日本語 | 한국어 | Português | Română | ไทย | Tiếng Việt ​ ​ ​ Digital security risks continue to evolve and pose a serious threat to businesses across the globe. It is important to remain vigilant and ensure all staff are aware of, and adhere to, your organization's security policies and procedures. It is especially important to remind staff during vacation periods of the approved escalation plans that account for executive decision maker absences. ​ Digital Security risks can increase when attackers perceive that a large number of employees will take annual leave and defenses may be weaker than usual due to lower staffing levels, the continued prevalence of remote working and other diversions. Therefore as we come into a season where many staff take annual leave in various parts of the world, we remind your organization to remain vigilant. ​ Please be sure to closely monitor your company's account activity and keep your systems updated with the latest patches and anti-virus software. With workplaces becoming more mobile, there are also additional risks with connecting mobile devices such as laptops and phones to public networks. Staff should be reminded to adhere to your organization's security policies and procedures to combat fraud, including being aware of key escalation contacts should they observe any suspicious activity. In particular, employees should exercise caution when receiving emails from outside of their organization and unknown sources, requests to change or add new account numbers, requests to pay invoices early, or other unusual requests. We have observed some of the following trends: ​ ​ ​ ​ ​ Themed Phishing Emails ​ Centered around news or high-profile events, emails that lure potential victims to click on malicious links, or open malicious attachments which can serve as the delivery platform for malware such as a Ransomware attack. ​ ​ ​ ​ Vishing ​ A form of fraud using social engineering to impersonate trusted officials over the phone or via text message. One example of vishing is criminals impersonating bank staff by phone, and requesting the victim’s online banking login details and passcodes to address a fictional ‘security or fraud incident’. The details provided by the victim are used to execute fraudulent payments. ​ ​ ​ ​ Business Email Compromise ​ A long-standing scheme that exploits executive email accounts to execute fraudulent payments, continues to grow and evolve. In many recent cases, email is used by fraudsters to impersonate a legitimate supplier. ​ ​ ​ ​ ​ ​ ​ Citi Cyber Security Toolkit ​ Now available on Citi Velocity, the toolkit provides a range of resources to assist you in your efforts to protect your organization from cyber criminals. Explore the toolkit to keep up to date with some of the latest trends and threats, read practical guidance on the red flags to look out for, and learn what you can do in the event of fraud, such as: ​ ​ • What to do in the Event of Fraud ​ • Beneficiary Change Request: Risks and Best Practices ​ • Cyber Resilience: Trends and Improving Preparedness ​ • Securing your Home Network ​ • Protecting Your Business from Telephone Scams ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ Enhanced Login Experience with CitiDirect Mobile Token & Biometrics ​ CitiDirect Mobile Token enables your organization’s users to authenticate their identity with simplicity and speed to securely access CitiDirect on their computer or mobile app. ​ Combined with CitiDirect biometric authentication, it offers a convenient way to login to CitiDirect. ​ To learn more about CitiDirect Mobile Token and Biometrics Login*, access the resources below: ​ ​ Overview ​ ​ Video ​ ​ FAQs ​ If you have questions or require additional information, please contact your Citi Representative. ​ Download CitiDirect App Today! Search for CitiDirect in the App Store or simply scan the QR codes here. ​ ​ ​ *Available in approved markets ​ ​ ​ ​ ​ These materials are provided for educational purposes only and not as a solicitation by Citi for any particular product or service. Citi reminds you that Citi's clients are responsible for their organizations’ cybersecurity and all matters relating thereto, and the information contained herein should not be viewed as any intention or commitment from Citi to replace your organization's cybersecurity-related responsibilities. Furthermore, although the information contained herein is believed to be reliable, the following does not constitute legal advice and Citi makes no representation or warranty as to the accuracy or completeness of any information contained herein or otherwise provided by it. ​ ​ Treasury and Trade Solutions ​ © 2023 Citigroup Inc. All rights reserved. Citi, Citi and Arc Design and other marks used herein are service marks of Citigroup Inc. or its affiliates, used and registered throughout the world. ​ This is an email advertisement sent to you by Citi. ​ Contact your Citi® Representative for more information. This is an automatically generated email, please do not reply. United States: If you do not wish to receive this email please click [Response: Subscribe to List]. Citibank, N.A. 388 Greenwich Street, Attn: ACASH - TTS Marketing, New York, NY 10013 ​ ​