Citibank Queries, Been Hacked

simplyme on 19/05/2023 - 04:02

Hi,
I am currently travelling overseas and need some help from Citibank account holders please.

My Citibank account has been compromised by hackers.

I have transferred all my available funds out of the account because Citibank said they are closing the account.

However, there are still some pending transactions.

Would anyone know whether they would have already been deducted from the available funds?

Also what does on deposit mean?

I don't want to find out I have overdrawn on the account because of the pending transactions.

Just another thing, I have been scammed using my 28 degrees card too! The day before the Citibank hack!

So now both my accounts used for travel are blocked! Fortunately, I have CBA to fall back on but not looking forward to all the international transaction fees.

I wonder if travel insurance would cover some of the mobile phone costs trying to talk to Citibank and Latitude. I have spent well over $200! Calls from Malta are expensive!

Financial

Related Stores

Citibank Australia
Citibank Australia

Comments

  • kipps on 19/05/2023 - 05:18
    +26

    If your accounts have been hacked for 2 different banks in 2 days it sounds like you are reusing passwords or have a compromised device.

    • Yola on 19/05/2023 - 06:59
      +2

      Yes and if you use another bank it may get hacked too.

      • CyberMurning on 19/05/2023 - 07:32
        +1

        Agree. One day both my amazon and ebay had unauthorised access, in 1 hour span time.
        I reformated my laptop, change passwords and nevee happened again

    • boomramada on 19/05/2023 - 08:08
      +6

      Or OP used both cards in a doddgy shop.

  • SBOB on 19/05/2023 - 07:12
    +5

    Citibank require 2fa for any major things via it's web interface.
    Not sure what 28 degrees uses

    When you say 'hacked' do you mean your card details have just been skimmed/compromised and a new card needs to be issued, or legitimately hacked in that your login credentials and possible 2fa access have been used

    If it's the first, bad luck, perhaps assess where you use your cards.
    If it's the second, you need to take that way more serious than an ozb post.

  • simplyme on 19/05/2023 - 08:10
    +1

    Hacked as in someone changed all my husband's account details. Email, phone numbers, password. The bank reset it all as it was and password changed. Less than 24hours later got a call from Citibank to say that someone had tried to open a new account in husband's name. No money was taken.

    • kerfuffle on 19/05/2023 - 08:22
      +7

      Then clearly yours and your husband's devices are compromised.

    • silverstone2023 on 19/05/2023 - 09:06
      +1

      Citibank’s online banking website allows you to set your own userid. I suggest that if you have control of your Citibank logon again, that you change your userid so that the hackers can no longer use your current id to logon to the Citibank website.

  • simplyme on 19/05/2023 - 08:30
    +2

    28 degrees was due to a hotel payment system being hacked. I got 3 messages via booking.com from the hotel. Unbeknownst to me it was a scam saying:

    Hello, due to the updated booking conditions, additional confirmation of your card is required.

    It will take no more than 5 minutes, you need to follow the link in this email, enter your card details. You will receive an SMS or PUSH notification in your banking app to be accepted.

    If you do not confirm your booking within 24 hours, it will automatically be cancelled.

    (mod: Removed link)

    Catalina Suites

    So I clicked on the link. It looked just like a secure link used for payment. I thought it was legitimate. I put in bank details and my husband got the SMS code from latitude. I am the accessory card holder to my husband's account. He gave me the code and I submitted it. Then 2 more SMS codes were sent and that's when I realised something strange. I contacted Booking.com who contacted the hotel then notified me that the hotel's payment system had been hacked. We rang Latitude by this time 2 transactions had been made each for $527.40. So it's partly my fault this has happened I suppose. We've contacted 28 degrees. They've can celled my card and we've put in a dispute for fraudulent activity.

    • bathuu on 19/05/2023 - 09:00
      +4

      Straight away that link looks dodgy af. There is so many fake links posing as legit sites like air bnb, booking.com etc you name it.

      • Mokr on 19/05/2023 - 09:03

        Was sent from booking.com

        • kerfuffle on 19/05/2023 - 09:03
          +3

          Anyone can spoof an e-mail address

          • djsweet on 19/05/2023 - 10:05
            +4

            @kerfuffle: In this scam I don't think it was spoofed. It would have been a legit email from booking.com. Its actually pretty hard to spoof legit sites now with DKIM, SPF etc. It can happen under certain circumstances, but only by skilled attackers. The hotel would have been hacked and the emails sent via booking.com.

    • No on 19/05/2023 - 10:12
      +1

      Don't respond to any sms's call's email's etc unless you are certain who they came from.

      Now that the scammers have seen you will click the links your going to get a lot more of them.

      If Citi / latitude / anyone calls and wants details or 2 factors call them back on the number on the back of your card.

  • simplyme on 19/05/2023 - 08:36

    Anyway, what I was asking is, do "available funds" include the deduction of pending transactions and what does "on deposit" mean please?

    • silverstone2023 on 19/05/2023 - 08:56
      +1

      “On Deposit” includes funds that have been deposited into the account, but have not been cleared, eg cheque deposits may take several days to clear before the funds become available to use. The “On Deposit” amount will be higher than the “Available Now” figure when there are deposits into the account that are pending clearance. I have also seen electronic direct credits into Citi accounts in the “On Deposit” figure for a day, which does not really make sense as electronic funds transfers should always be cleared funds.

    • CrowReally on 19/05/2023 - 09:07

      I agree with the answer above.

    • silverstone2023 on 19/05/2023 - 09:20

      Addressing your question on ‘pending transactions’. If you have done a transaction using your debit card, I would expect the funds for this transaction to be debited immediately or placed on hold. Whilst I haven’t seen this myself, if there are pending debits on the account that have not been posted as transactions, then it would be logical for the ‘Available Now’ figure to reflect the pending transactions. In this case, the ‘Available Now’ figure would be less than the ‘On Deposit’ figure.

  • Shoocat on 19/05/2023 - 09:13
    +4

    Never, ever click links in emails that say things like "your account/booking/card has an issue". Always, ALWAYS go direct to the correct app, or call/email the business direct through their official contact details.

      • Shoocat on 19/05/2023 - 13:10
        +2

        In that case, you'd surely have a case for compensation from the provider of the platform, in this case booking.com.

        But the advice still holds - I've had a similar email from within Expedia and called the venue direct to confirm there was an issue with the booking.

        I feel for you - my previous post was more a general piece of advice for anyone reading this thread.

  • KaTst3R on 19/05/2023 - 09:41
    +1

    I got an Aus and overseas Citi account, both require 2FA via SMS/App. How it is possible to get accounts details changed when there is a 2FA requirement?

    We are not fixing the root of the problem here, the phone is compromised and something needs to be done. This issue will happen again next time.

    • kerfuffle on 19/05/2023 - 09:48

      If OP and her husband use the same devices, is it possible when she clicked on the dodgy link, she would have installed a keylogger?

      • KaTst3R on 19/05/2023 - 09:55

        It could be any scenario. But the point is that 2FA is supposed to be the last line of defence. If that is breached, the problem is not solved. You cant change any details without the random 2FA code. Someone can see that coming in from a remote location.

        • resisting the urge on 19/05/2023 - 11:06

          And our gloriously technologically advanced financial institutions have a very chequered history at not implementing, and then half-implementing, MFA. And still allowing ways for staff and customers to move around extra identification events.

    • happydude on 19/05/2023 - 12:02
      +3

      They handed over the the 2FA code after putting the login details into the fake login screen.

      So I clicked on the link. It looked just like a secure link used for payment. I thought it was legitimate. I put in bank details and my husband got the SMS code from latitude. I am the accessory card holder to my husband's account. He gave me the code and I submitted it.

  • the1doood on 19/05/2023 - 15:06
    +1

    Must be frustrating and hard for OP. Secure the funds and account, get money out from compromised accounts to another one and try to salvage whatever you can.

  • lainey13 on 19/05/2023 - 22:27
    +1

    Use skype for int call from Malta, probably cheaper.
    You could try having a relative/friend send you some money via Western Union but you better ask them directly over the phone if they have any clue about scammers. Or msg a gullible friend for help…

Login or Join to leave a comment
Login Join