Citibank virus – what is that scam?

Citibank virus – what is that scam?
Citibank virus, Citibank email spam
Written by Wilbur Woodham

Citibank virus is a common name for the malevolent email spam you can see in your mailbox. These messages contain false claims about your bank account in Citibank, where you are told that your account is blocked. The steps which are offered to get your account back will lead you to initialize the malware installation. You will see the detailed explanation of this scam, as well as the risks associated with it in this article.

What is the Citibank virus?

The name which was assigned to this phishing by scared users does not mean that someone from Citi has really stolen your account. The fraudsters who distribute malware in such a way just took this name to lull the vigilance. Name of the Citibank is a well-known thing, which is considered trustworthy by everyone. And when the victim receives this message, he/she will not even think that this is a phishing1. The chance that a person will click the link or file attached to this message is very high.

Citibank virus spam

The example of Citibank virus spam message

The panic element is added by the text of the Citibank virus message: it states that your bank account is blocked due to the numerous violations of rules. The terms of unblocking are right in the attached file or link. The scheme may vary depending on the decision of fraudsters. Sometimes, they may bite you to click the attachment with saying that a recent dispute was solved not in your favor. User may forget which dispute is mentioned, and to remember it he/she will surely follow the link. More intrigue is created with specifying a large dispute sum – up to several thousand dollars. Here is one of possible text variants:

American Airlines AAdvantage
Account ending in 3691
We’ve resolved your dispute
We’re pleased to let you know that your dispute has been resolved – you’ll see the credit in the next two business days – it’ll be listed with your account activity on your statement. This credit is permanent.
We included the below transaction details for the dispute on account ending in 3691 for your reference.
Download your transaction details.
Your Citi Team

How dangerous the Citibank virus is?

Regardless of the reason the user clicked the link/file, he will receive different viruses. The exact type of the virus is not related to the text of the spam message, since all malware is distributed by the same persons. The viruses are just downloaded to your PC as a part of Microsoft Word document, directly from the mail client or from the link attached to the Citibank virus message. No complicated methods, like exploit kit usage – users will do everything themselves.

Here is a short description of Citibank virus:
NameCitibank virus
TypeEmail spam
Hazard typeSpyware, Banking trojans, Keyloggers
Malware sourceMalicious links and files attached to the email
DisguiseNotifications from Citibank
Protection methods
To remove possible virus infections, try to scan your PC

This scheme is used to spread spyware, banking trojans and keyloggers. All of them are targeted on your personal data, primarily – on the important credentials. The second type may be the most harmful one if you use online banking. It is targeted on collecting the credentials on the websites of the banks, so it can easily steal your login/password. So, the cybercriminals will be free to do whatever they want with your funds2. Meanwhile, spyware may miss your banking credentials, but will surely get all possible information about you and your PC. List of the installed applications, often-used programs, anti-malware software onboard, logins and passwords for the social networks – this and a lot of other information will be collected and sent to the control server.

Can I avoid this scam?

The things are not so hopeless for the Citibank virus. It is possible to distinguish the fake message. First, you need to remember if you have a Citibank account. It may be very funny to spectate such spam when you don’t have one. However, some users may click the attached file/link just because of the simple interest. People can do rash acts, and this is just such a case. Another element which can help you to understand that somebody tries to scam you is the sender’s email address. Official Citibank email has a specific domain name (, and the fraudsters will not be able to get an email address in this domain. Instead, they will likely create an email address like “” or even “”. It is quite easy to distinguish the first one from the second and third, isn’t it?

Citibank virus email scam

The example of dubious email address on another online spamming campaign

The final protection layer is an antivirus tool. A lot of users have their mailing in the separated app, called mail client. Some of the mail clients download the file at the moment when you open the message. In this case, you need to have an anti-malware solution which is capable of proactive protection. Last function makes it possible to stop the virus launching when the situation is just like I have described above. Same thing is with attached links: to understand that these links are malicious, the security tool must have an internet protection function. All of these functions are available in GridinSoft Anti-Malware, and I will recommend you to use it to protect your PC from Citibank virus.

What can I do if I have clicked on the link/file in the spam message?

Don’t panic. The spyware activity is not a doom. Of course, the important data you have on your computer is definitely in danger, but the credentials may easily be changed. First of all, you need to get rid of the viruses you have got through the Citibank virus. I can offer you to make use of GridinSoft Anti-Malware to perform this step.

Removing the viruses with GridinSoft Anti-Malware

  • Download and install GridinSoft Anti-Malware. After the installation, you will be offered to perform the Standard Scan. Approve this action.
  • Gridinsoft Anti-Malware during the scan process

  • Standard scan checks the logical disk where the system files are stored, together with the files of programs you have already installed. The scan lasts up to 6 minutes.
  • GridinSoft Anti-Malware scan results

  • When the scan is over, you may choose the action for each detected virus. For all files of the viruses distributed through the described phishing the default option is “Delete”. Press “Apply” to finish the malware removal.
  • GridinSoft Anti-Malware - After Cleaning

Now, when the virus is removed, you need to remember which credentials you inputted after clicking the spam message. Malware is not omnipotent, and is not able to steal the logins and passwords which were not in use. So, keep calm and change the login details that are about to be compromised.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)


  1. About phishing methods and ways of counteraction.
  2. Detailed explanation of the banking trojans on Investopedia
  3. Citibank official website.
Citibank virus - what is that scam?
Citibank virus - what is that scam?
Citibank virus is a common name for the email spamming campaign which takes place in March, 2021. The emails contain fake claims about blocking the banking accounts and the link which leads to malware downloading.

About the author

Wilbur Woodham

I was a technical writer from early in my career, and consider IT Security one of my foundational skills. I’m sharing my experience here, and I hope you find it useful.

Leave a Reply