Citadel Cyber Security

Equifax Breach

Citadel Cyber Security

As technology advances, you can be sure that identity thieves are not far behind. Here are some common methods cyberthieves use to steal your personal information and how you can increase your security.

Credential Stuffing

Credential stuffing is a cybercrime tactic in which criminals use login credentials that were previously exposed due to prior security events/breaches at organizations like Yahoo, Facebook, Door Dash, etc. The cybercriminals create a computer script with the list of exposed credentials and ultimately attempt to gain access to a website such as Online Banking.

What can I do?

Cybercriminals are aware that consumers regularly use the same usernames and passwords for many of their online logins. To be safe, consider changing your passwords on all accounts and avoid repeating the same password for different logins. Citadel recommends making passwords as unique and complex as possible.

Review our Online and Mobile Banking Security FAQs for additional ways to protect your information.


Your email messages may not be quite what they appear to be if you’re targeted by a phishing scam. Phishing is the act of sending fraudulent emails that seem to come from familiar businesses. These messages contain links to phony websites designed to steal personal information either directly or through malware and keyloggers. Often you’ll see a problem referenced with a request to click on the link provided to correct it. Once you’ve entered your information, ID thieves can access your accounts.

Vishing is the telephone version of phishing. Callers are sometimes bold enough to suggest the victim call back to verify authenticity. But the vishers don’t actually hang up; instead they play a recorded dial tone to make the victim believe he’s making a call.

Targeted Social Media Scams

Over the past few years, social media financial scams of multiple varieties have become more frequent. In fact, Citadel members have been targets of social media scams, and this scamming continues to occur across multiple regions and involves a variety of financial institutions.

One of the most common types of social media scams is when an individual is asked to surrender personal information in order to provide access to their bank account(s). The fraudsters tell the victim they will deposit money into their accounts, then deposit fraudulent checks via ATMs. These scams are sometimes positioned as “work from home” opportunities to make money.

Citadel offers tips to avoid Social Media scams:

  1. Legitimate businesses or employers will not ask for your account information. Never allow another individual to use your account or have access to your account information. These folks may promise you’ll make money, but ultimately, their promises are fraudulent, so refrain from answering suspicious requests via social media.
  2. If information is shared, you can be held responsible. When account or personal information is willingly shared with another individual, the victim can face monetary losses, civil action, and possible criminal charges.
  3. Keep your information as secure as possible. To keep your accounts safe from other types of fraud or scams, create strong passwords/PINs, keep your cards secure, and report suspicious activity to Citadel immediately.
  4. Download Citadel Card Control: Citadel Card Control allows you to set controls and manage your Citadel debit and credit cards from a centralized location with the Mobile Banking App. Learn more:
  5. Sign up for account alerts: Citadel offers account alerts and eAlerts through Online and Mobile Banking to help members monitor spending behaviors, fraudulent activity, and more.
  6. Consider purchasing ID Theft services: Consider signing up for credit file monitoring and identity theft protection through a trusted party. Learn More about how to protect yourself against Identify Theft through Citadel.

Additional tips to protect yourself

To even further reduce fraud risk:

  • Install the latest editions of antispyware, antivirus, firewalls and browsers to all devices, and password-protect them.
  • Use strong passwords for all accounts and change them frequently.
  • Monitor accounts and credit reports to detect fraud early.
  • Don’t use public Wi-Fi networks for financial transactions.
  • Keep cards away from public view, and shred personal documents before discarding.
  • Opt in for two-factor authentication on all online accounts where possible.
  • Turn off bluetooth and near field communication when not in use.
  • Never share sensitive information with unsolicited callers or email senders.
  • To verify calls, hang up for at least one minute to insure the first call is disconnected.

Staying informed and adopting smart fraud prevention practices will go a long way toward protecting your identity. Between your efforts and Citadel's security offerings, you should be able to stay a step ahead of identity thieves.

Citadel is dedicated to protecting the finances, privacy, and data of our customers.

Learn More

Find an ATM or Branch Near You

Frequently Asked Questions

What should I do if I see suspicious activity on my account?

Call the number on the back of your card immediately to report any suspicious activity on your account.

How do I reset my Online and Mobile Banking Password?

A security feature of Online and Mobile Banking is limiting the number of attempted logins with an incorrect password. If you’ve forgotten your password you can easily reset. Select 'Login Help' from desktop and choose 'Forgot Password'. You can then enter your Username and click 'Submit'. Then follow the Secure Access Code prompts. On Mobile Banking, enter your username and select 'Forgot your password?' and follow the prompts.

I am having trouble receiving my Secure Access Code, what are my options?

There are several ways to receive your Secure Access Code, please be aware the contact information on your account will be the available choices. Once you've signed into Online and Mobile Banking, you will be able to update your contact information and add additional phone, cell and email addresses to receive your Access Code. If you have chosen to receive your code via Text Message (SMS), and are not receiving it, please text the word "START" to 878787. This will ensure that your phone is not blocking the short code for any reason. Secure Access Codes can be sent via these channels:

Text Message – a text message will be sent to your mobile device

Phone Call - choose which phone number listed on your account to receive a voice message with your code

Email - an email will be sent to the email address associated with your account

What is a Secure Access Code?

As part of our enhanced security, the system will send a Secure Access Code the first time you log in to your account. You can select to receive this code through an automated phone call, a text, voicemail or email. Since this code will be sent to information we have currently on file, make sure we have your most updated contact information by calling us at (800) 666-0191 or by visiting any Citadel Branch.

Once you receive your Secure Access Code, you can then log in. Upon second log in, you will be required to receive a new Secure Access Code. At this time, you can register your computer for future use and will not be required to request another Secure Access Code.

What is identity theft?

The crime of stealing someone's personal, identifying information for the purpose of using that information fraudulently. Personal, identifying information includes Social Security numbers, credit card and banking account numbers, user names, passwords, and patient records. Fraudulent uses for that information can often include opening new credit accounts, taking out loans in the victim's name, stealing money from financial accounts, or using available credit.

How can I avoid identity theft?

A few preventative measures you can take:

  • Remove mail promptly from your mailbox and never use your mailbox for outgoing mail as identity thieves raid mailboxes for credit card offers and statements
  • Shred all mail that you discard so that all offers, names and addresses are no longer legible
  • Safeguard your Social Security number
  • Do not give out your credit card number over the phone unless you initiate the transaction
  • Be careful with your receipts, making sure you have them when you leave the store or ATM and do not throw them away in public trash cans
  • Destroy pre-approved credit card offers before you throw them away
  • Account for all new checkbooks when you receive them in the mail
  • Commit all passwords and PINs to memory so they cannot be compromised
  • Review your credit report from time to time

Below are the three Credit Bureaus to contact:

How am I notified if someone opens an account with my name?
Credit monitoring provides protection against identity theft by monitoring your credit report for new activity. If and when any new activity occurs, you will receive an alert which has been triggered by a change in your credit file. The alert will provide details on the type of activity which has triggered the change, I.E. new credit account, application for any type of loan, or change of address, etc. If you believe any activity is fraudulent, our Recovery Advocates are available to assist you. Actively monitoring your credit report will ensure identity theft is recognized and with the help of our Recovery Advocates, handled properly and expediently.

Still have questions? Visit our help center.