The campaign is incredibly convincing, and the emails look just like official communications from the company. All logos have been copied and are positioned correctly. The sender address appears genuine at first glance and the body of the email message is free of typos which is a common "tell" among poorly orchestrated phishing campaigns.
The content they receive in the email varies. However, the general summary of the phishing emails is that the recipient's Citibank account has been put on hold due to a suspicious transaction or a login attempt made in a location than the recipient would normally log in from.
The solution according to the email is simple. Take swift action now to protect your account. Click the link below to verify your account information and avoid a permanent suspension.
Social engineering is common in phishing campaigns, and this is a tried-and-true technique to build a sense of urgency into the communication.
Unfortunately, if the recipient of this email clicks the link they will be taken to a website controlled by the threat actors. While it may appear to be an official Citibank portal, it isn't. Any user who "verifies their credentials" by entering them in the capture boxes on this site is handing their account information to the scammers who will promptly empty their accounts or max out their credit cards or both.
This campaign is targeted primarily at users in the United States with statistics indicating that 81 percent of the recipients of these emails are residing in the U.S. So if you are a Citibank customer, be aware that the campaign is ongoing. If you get an email that appears to come from Citibank, rather than clicking embedded links, either call the company direct or open a new browser tab and manually type in the URL. Never trust embedded links!