Common scam types and how you can protect yourself

Find out what the common scam types are and ways you can keep your identity and account information safe.

Investment scams

Investment scams target your personal wealth by convincing you to invest in fake schemes and companies. They are widespread and can take many different forms.

Look out for these warning signs to identify investment fraud.

  • Promise of low risks with high returns: Always remember, if something seems too good to be true, it probably is.
  • If you are promised ‘guaranteed returns’ this is a warning sign.
  • High-pressure tactics: You are contacted repeatedly and are told that you need to act quickly and invest or you will miss out.
  • Someone you haven’t met in person offers you investment advice: Never take investment advice from someone you meet on the phone, via email or any social media apps.
  • Someone has convincing promotional materials or websites: If documents like prospectuses aren’t registered with ASIC, they are likely part of a scam. Always call us on 13 24 84 (or +61 2 8225 0615 if calling from overseas) to verify the legitimacy of any promotion being offered to you.
  • You are asked to deposit funds into different accounts for each transaction: Scammers may claim this is for security reasons, or because they are an international company.

Example of a scam email

You are contacted out of the blue by someone claiming to be from Citi who offers unsolicited advice on investments. They may be posing as Citi Relationship Managers or staff.

screenshot showing a fraudulent email from a scammer impersonating Citi

Formatting inconsistencies, unusual grammar and the use of a domain address that looks legitimate are some of the signs that this is a scam.

How to protect yourself

  • Be wary of new communications and don’t just accept what you’re being told.
  • Do not let anyone pressure you into making decisions about your money or investments and never commit to any investment on the spot.
  • Take your time, do your research, and independently contact the purported business or agency communicating with you, using contact details you have sourced yourself, for example through searching for the business or agency online. It’s also a good idea to check whether any account details you have been told to transfer to match the name of the company you are supposedly dealing with.
  • Do not click any links or open any attachments.
  • Never provide anyone with your personal or account information or grant remote access to your device.
  • Citi staff will never ask you for your account details and passwords or One-Time PINs via email or phone. Never disclose this information to anyone by phone or email.

Contact us on 13 24 84 to verify the legitimacy of any communications or offers.


Credit card fraud

Credit card fraud can occur when someone obtains your credit card details and uses them over the phone or on the Internet to make purchases in your name. You should always carefully check your statement each month to determine if there are charges for purchases you did not make.

Fraud can also occur when a person assumes your entire identity and obtains credit cards in your name.

How to protect yourself

Immediately block your credit card in the event that you misplace it or it is stolen.

  • Log in to the Citi Mobile® App
  • Tap on the profile icon at the top left and go to Cards / accounts
  • Tap on the button ‘Report lost/stolen for credit card’
  • Select the card you want to report missing and follow the prompts to block it.

Please contact us to report a lost or stolen card immediately on 13 24 84 (or +61 2 8225 0615 if calling from overseas). We will review your recent transactions, block your account to stop any fraudulent activity and organise to issue you with a new card.


Email scams

You may receive phishing emails that contain links or malicious attachments that could capture your details or harm your device. These emails seek to trick people into giving out personal details including account management details. They are designed to look legitimate and often contain a corporate logo.

How to protect yourself

It is important you report then disregard emails which:

  • Request any customer information - including your password or account details. You should not reply to emails that request such information.
  • Advise you to contact a phone number to verify your card or account details. Always call us on 13 24 84 or +61 2 8225 0615 if you’re calling from overseas.
  • Instruct you to login or apply for a product via a link in an email.


Phishing is by far the most common scam technique used at the moment. It is the fraudulent practice of sending emails or SMS claiming to be from a reputable source or from us, in order to induce someone to reveal personal or financial information.

How does it work?

Phishing is designed to convince the person receiving the fraudulent email or SMS to click on a link or download an attachment, which is embedded with computer viruses. These viruses – also known as Malware – automatically download to your computer or phone and allow fraudsters to take control, log keystrokes and access personal files, which could then lead to identity theft.


  • Messages that convey a sense of urgency or demand immediate action. Example – “Download the attachment now and follow the steps or you will be penalised.”
  • Offers or prizes that sound too good to be true. Example – “Click on the link now to claim this limited offer $250 gift voucher.”
  • Impersonation of well-known organisations such as Government, Police, or even your own workplace.
  • A reputable company or government department asking you to disclose your personal information, such as a credit card PIN and expiry date, Citi Online password or your OTP (One-Time PIN).
  • Poor grammar or spelling mistakes.

Important - No reputable company or government department will ever ask you to disclose a password or PIN.


SIM swapping fraud and SIM porting fraud

SIM porting fraud is the act in which a fraudster requests for your existing mobile number to be moved (or "ported") to another phone carrier without your consent or knowledge. SIM swapping fraud is the act in which a fraudster requests for a new SIM card to be issued for your existing mobile by approaching your mobile operator without your consent or knowledge.

A fraudster gaining access to your mobile phone by means of SIM porting or SIM swapping can lead to unauthorised access to your digital accounts by intercepting authorisation texts or overriding touch authentication.


The fraudster obtains the victim's personal details via various techniques including mail theft, online compromises (e.g. malware, Trojans), phone and email phishing scams or through the illegal purchase of stolen personal data etc.

The fraudster approaches the victim's mobile operator with the victim's identity and requests the issuance of a duplicate SIM card or requests that the mobile number be ported.

The victim's mobile operator deactivates the original SIM card and issues a replacement SIM or ports the number to the new operator.

The fraudster is now able to carry out financial transactions without the victim's consent or knowledge by intercepting calls or texts, receiving one time passwords or PINs and overriding touch authentication on the swapped or ported SIM.

How to protect yourself

  • If your mobile service stops working unexpectedly, check in with your mobile service provider immediately.
  • Be vigilant of SMS text messages from your mobile service provider advising you of a swapping or porting request.
  • Never disclose your Citi Online password, ATM PIN or telephone PIN to anyone. We will never ask you for these details via any of our communications to you.
  • Beware of unsolicited calls, texts or emails asking for personal or financial information even if they appear to be from us or a reputable company.
  • Do not open or forward emails that you suspect might be spam and never open any attachments or click into any links.
  • Be careful of what personal details you share on social media platforms as fraudsters can use these to anticipate likely answers to security questions.
  • Ensure you have up to date anti-virus protection software installed on your mobile devices.

Malicious software

Malware, or malicious software, is an intrusive program that fraudsters try to install on your computer or device. Malware, such as a virus or Trojan, can disrupt or slow down operation, gather personal and financial details, extract funds or perform other fraudulent activities under your name. Malware is usually sent as an attachment to emails claiming to be from a trusted source, or disguised as genuine software.

How to protect yourself

  • Install security software, turn on automatic updates and scan your computer regularly.
  • Keep your operating system updated.
  • Avoid using shared computers or devices as they may have malware that could compromise the security of your online activity.
  • Don’t share your screen with anyone you don’t know or during an unsolicited call.

Tax time scams

During tax time, scams can be on the rise, with scammers attempting to use the end of the financial year to access your personal or account details.


  • A scammer purporting to be from the Australian Taxation Office (ATO) asking you to pay an outstanding tax debt with a warning that you will face legal consequences if you do not pay.
  • A scammer contacting you to claim that you are entitled to a tax refund and asking you to provide bank details in order for you to be paid.

How to protect yourself

  • Do not respond or click on any links or attachments if you receive an email or SMS claiming to be from the ATO.
  • If you receive a phone call from someone purporting to be from the ATO asking you to pay, hang up and call back using a publicly listed number.

Social media scams

Scammers may use social media to impersonate legitimate businesses or individuals to persuade you to provide your personal information.

Example of a scam via social media

An Instagram account impersonating us asking a customer to share their account details in exchange for cash.

screenshot showing a fraudulent Instagram message from a scammer impersonating Citi

We would never ask you to disclose your personal details online. The message also has spelling and grammatical errors, which indicate it is not legitimate.

How to protect yourself

  • Review your social media account security settings and avoid making sensitive information public that scammers could use to steal your identity.
  • Do not click on any hyperlinks from untrusted sources.
  • Beware of chain messages that ask you to forward them to more people before being eligible to claim a reward.
  • Be cautious when using dating and romance applications, and never send money to anyone you have not verified or met in person.
  • Do not agree to transfer money for someone you don’t know in exchange for a reward. This could be a money laundering scam which may be a criminal offence.

Reporting scams

If you believe you have been the victim of a scam, please contact us immediately on 1300 550 216.

It’s important that you get in touch with us if:

  • you’ve sent money or authorised a payment due to a suspected scam
  • you’ve provided your identity information and/or account details to someone who you believe is a scammer
  • you’ve found unauthorised transactions in your account statements.

Reporting a lost or stolen card

You can report your credit card as lost or stolen by blocking it permanently via the Citi Mobile® App. You can also deactivate your card via Citi Online to prevent it from being used and then call us on 13 24 84 (or +61 2 8225 0615 if calling from overseas).

Visit our help guide for instructions.

To report your debit card as lost or stolen please call us on 13 24 84 (or +61 2 8225 0615 if calling from overseas).


Report any scams to Scamwatch

Report any scams to Scamwatch, an independent website run by the Australian Competition & Consumer Commission (ACCC).

Scamwatch provides information to consumers and small businesses on how to recognise, avoid and report scams. Anything reported to Scamwatch will be analysed and acted on by the ACCC.
