Is citi.com legit or a scam?
Official Citibank domain with over 27 years of history and verified corporate registration.
Analysis Summary
No threats detected
All checks passed. This site appears legitimate — but always stay alert for phishing even on trusted domains.
Website Preview

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site.
MT Intelligence
The domain has been registered to Citibank, N.A. since 1998, establishing a decades-long history of legitimate operation. Our antivirus network and major browser blocklists show no security threats or phishing flags for this URL. The site uses a high-assurance EV SSL certificate issued by DigiCert, which verifies the legal identity of the owner. While some consumer review sites show low ratings due to customer service complaints, these are typical for large banks and do not indicate fraudulent activity. The infrastructure is consistent with a top-tier global financial entity.
Web Research Findings
Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for citi.com, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.
- citi.com is the official website of Citibank/Citigroup, offering credit cards, banking, mortgages, loans, and investing services.
- Domain registered December 29, 1998 (over 27 years old) to Citibank, N.A. in New York, US; expires 2032.
- Citigroup Inc. is a Delaware-incorporated multinational bank headquartered at 388 Greenwich Street, New York, NY.
- Citi maintains dedicated scam-alert and fraud-prevention pages advising users to only use official citi.com links and to report phishing.
- Scamadviser rates it as "very likely safe" and "legit and reliable" despite a numeric trust score of 0, citing long domain age, high Tranco rank, valid SSL, and reputable registrar.
- Trustpilot shows low customer ratings (around 1.1/5) primarily due to complaints about customer service, payments, and account issues.
- Reddit threads contain numerous customer complaints about service and fraud experiences, but no evidence that citi.com itself is fraudulent.
Citigroup Inc. (parent of Citibank, N.A.) is a Delaware corporation headquartered in New York, NY; domain registered to Citibank, N.A. since 1998
Antivirus Engines
Security Scans
Checked against the major public blocklists used by browsers and security tools — no hits.
Contact Verification
We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.
- No contact email found anywhere on the page.
- No phone number listed on the page.
- No postal address visible on the page.
Domain & Encryption
Redirect Chain
- 1301http://citi.com/
- 2403https://www.citi.com/cross-domain
Server Reputation
Still, stay alert
No major threat indicators — but a clean scan does not guarantee every page is safe, and phishing emails routinely spoof real domains.
- Double-check the exact URL in your address bar
Confirm you are actually on citi.com and not a lookalike like c-iti.com.com or an IDN homoglyph.
- Use a password manager
Password managers only auto-fill on the exact domain they were saved for — they refuse to fill lookalike domains, which is the single best phishing defence.
- OpenDiscuss this site on the forum
If you have first-hand experience with this site — good or bad — share it with the MalwareTips community.
Reputation Sources
How this domain rates across independent threat-intelligence and blocklist providers.
Referenced Domains
Outbound domains this page links to or loads resources from. Each links to its own security scan.
Safety FAQ
Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.
- Our automated security review found no threat indicators on citi.com. The site appears legitimate based on the signals we checked, but always stay alert for phishing emails that spoof real domains.
- citi.com passed our automated security checks with a trust score of 96/100. No antivirus engines or major blacklists flagged the site at the time of the last scan.
- Yes. citi.com presents a valid TLSv1.2 certificate issued by DigiCert Inc · DigiCert EV RSA CA G2, expiring in 99 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
- citi.com is 27.5 years old, registered on 12/29/1998 through CSC Corporate Domains, Inc.. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
- No. All 92 antivirus engines in our malware network report citi.com as clean.
- No. citi.com is not currently listed on the major browser blocklist feeds that modern browsers use.
- citi.com resolves to an IP operated by Akamai Technologies, Inc. in AU (usage type: Content Delivery Network). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
- Yes. citi.com sits in the global top-100k on Cloudflare Radar, which means it has substantial real-world traffic. That does not automatically make it safe, but established brands almost always rank here and throwaway scam domains almost never do.
User reviews & comments(0)
Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.