2025.10.11 – How to Tell If a Banamex Email About Transaction Limits Is Real—and How to Stay Safe

Key Takeaways

An email sent in early October 2025 appeared to come from Banamex and informed customers that new transaction limits would be automatically applied to their debit and credit accounts. It stated that these limits affected only transfers to third parties through the Banamex App or BancaNet®, not purchases or bill payments.
Although the message used Banamex branding, legal disclaimers, and familiar corporate language, further analysis revealed inconsistencies in the sender’s domain and the structure of the links — both typical signs of phishing.

The core takeaway: always verify these messages directly through the official Banamex website or app instead of clicking on embedded links.

Story & Details

What the Email Claimed

The email, sent from marketingdir@email.banamex.com, announced:

“For your security, starting in October your debit and credit accounts will have a transaction limit assigned.” (translated from Spanish)

It continued by assuring customers that they could increase or decrease this limit anytime in the Banamex App. The text emphasized that the limit did not apply to purchases or service payments and was “for your protection.”
A large button at the center said “Do it here” (translated from Hazlo aquí), without showing the target URL.

The message also displayed anti-fraud reminders such as “Together against fraud” (translated from Juntos contra el fraude), and warnings like “Do not open emails from unknown senders.” (translated from No abras correos de usuarios desconocidos). The layout contained Banamex logos, social media icons (Twitter/X, Facebook, Instagram, YouTube), and a corporate footer with the bank’s address and legal disclaimers — all meant to look official.

Signs That Raised Doubts

1. Suspicious sender domain. The address email.banamex.com is not listed among Banamex’s verified domains, which are banamex.com.mx and citibanamex.com.
2. Hidden destination links. The main “Do it here” button did not reveal its URL, preventing verification of its destination.
3. Overuse of reassurance and urgency. Phrases such as “For your security” combined with instructions to act quickly are a common manipulation tactic in phishing campaigns.
4. Too polished, too general. The message was well-designed but lacked any personal reference to the customer — another frequent trait of mass phishing attempts.

What You Should Do

• Do not click on any links or download attachments in suspicious emails.
• Go directly to the official Banamex website (https://www.banamex.com) or open the verified Banamex App to check for alerts.
• Verify inside your account whether there are notifications about transaction limits.
• Report suspicious emails to Banamex’s official security address: seguridad@banamex.com.

These steps are effective not only for Banamex customers but for any online banking user. Acting through official, authenticated channels is the best protection against fraud.

What Domain Checks Showed

Technical verification confirmed that the top-level domain .banamex is owned by Citigroup Inc., Banamex’s corporate parent.

• According to the IANA registry, Citigroup controls the .banamex namespace.
• The domain banamex.com.mx is registered to Citibank N.A., a legitimate entity.
• However, no public record or press release confirms the use of email.banamex.com as an official communications subdomain.

This means that although Citigroup legitimately owns the higher-level domain, it’s impossible to confirm whether email.banamex.com belongs to Banamex’s verified infrastructure. Therefore, any message sent from that address should be treated as potentially fraudulent until proven otherwise.

Conclusions

The email in question closely mimics official Banamex communication — using brand language, visual identity, and security warnings — but lacks the digital proof of legitimacy required to confirm it as genuine.
The domain mismatch and hidden links point strongly toward a phishing attempt. Even when such emails appear authentic, users should always verify directly through secure, official channels rather than interact with embedded buttons or links.

When in doubt, it’s safer to assume fraud than to risk sharing personal information.

Sources

• https://www.iana.org/domains/root/db/banamex.html — IANA record confirming Citigroup’s ownership of the .banamex domain.
• https://www.citi.com/scam-alert — Citi’s official fraud-prevention and phishing-awareness resource.
• https://www.youtube.com/watch?v=vv78OzQVr-g — Verified Citi YouTube video explaining how to recognize and avoid online scams.