Formerly known as Ecount, Citi Prepaid Services is a prepaid solution for companies who aim for a customizable solution for payroll, sales incentives, benefit payments, etc. Recently we have encountered a phishing email, informing Citi Prepaid Services customers/clients that their account information needs to be updated due to inactive membership, purported causing fraud and report spoofing due to the account’s inactivity.
Below is a screenshot of the phishing email: |
In the email users are instructed to click on the embedded link which, in fact, leads to the phishing website: |
![]() |
![]() |
Once customers/clients entered their account credentials believing that this is real, phishers can now take hold of the information and may use it however they wish.
Citi Prepaid Services actually offers Zero Liability Protection which protects users from this very attack. It means that users are not to be held responsible for any fraudulent activity regarding their account. But since the Zero Liability Protection is a feature limited to Citi Prepaid Service, victims of a similar attack on a different service may not be as lucky, and end up losing their hard-earned money.
The phishing URL is now blocked by the Trend Micro Smart Protection Network.