And that’s exactly what criminals are hoping you’ll think. They try to catch you off guard with convincing phishing messages that trick you into believing they’re from a legit company. Tap or click here for a recent example of a phishing email that went viral. It’s one thing to get a fake message from a streaming service like Netflix, but what if you were to get one from your bank? There is a very dangarous banking scam going around right now that you need to know about.

Scammers targeting Citibank

If you receive a message that’s supposedly from Citibank, be very careful. A new phishing scam on the rise that has the potential to trick tons of people. What’s happening is criminals have spoofed the Citibank website and are sending messages to unsuspecting users to get them onto the fake site. Once there, they’re asked to enter their Citibank login credentials. You may also like: Phishing scam sends fake emails from ‘Microsoft’ Here’s where it gets tricky. The login page looks very real. Following is a screenshot taken from security researchers at MalwareHunterTeam: As you can see in the image above, the scammers are getting very good at spoofing sites. It turns a normal phishing scam into a terrifying phishing scam. The spoofing doesn’t end with the login page. After entering their credentials, the victim is taken to other spoofed pages that ask for more personal information. They’re asked to enter things like their full name, date of birth, home address, the last four digits of their Social Security number and more. Obviously, if you give all of this information to a criminal it’s game over. They can drain your bank accounts, open credit accounts in your name and steal your identity — not good! RELATED: Scammers spoofing websites in clever phishing scams The good news is even though this is a very sophisticated attack, it’s still a phishing attempt. So, if you know how to thwart phishing scams you should be OK. Keep reading for ways to avoid falling victim to these types of attacks.

Don’t get hooked into a phishing attack

If you want to avoid becoming a phishing scam victim, there are some simple rules to live by. Believe me, it’s easier to follow these rules than deal with things like identity theft after the fact. Be vigilant with links The most important thing to remember is to be careful with links you receive in unsolicited emails and text messages. If you click on a link or open PDF attachments in these types of messages, they could be malicious and lead you down a path of destruction. If you need to conduct business with any company, especially your bank, make sure to type its web address directly into your browser. Never follow a link inside a message. Also, don’t do an internet search looking for its phone number. Call the number found on the back of your credit or debit card so you know it’s legit. Use 2FA when available Any time a company offers two-factor authentication (2FA), take advantage of it. 2FA means you need two ways to prove who you are instead of just your login credentials. You can either receive a one-time code via text or use an authentication app like Google Authenticator. Tap or click here to learn more about 2FA. Never reply with personal info If you receive an unsolicited message asking for personal information or claiming you need to make a payment, don’t do it by replying to the message. Go directly to the company’s website or call the phone number that you know belongs to the company to conduct official business. Protect your identity According to the Federal Trade Commission (FTC) identity theft is one of the fastest-growing crimes in the U.S. As many as 9 million Americans have their identities stolen every year. Phishing scams are one of the ways identity thieves get the information they need. That’s why it’s a good idea to have an identity theft protection company on your side. We recommend our sponsor, Identity Guard. Take control of your identity and make the switch to Identity Guard with Kim today. Get up to 33% off for Kim’s audience only, with plans starting at less than $7 a month at IdentityGuard.com/Kim.