Security Tips – Malware Protection
Increasingly, Malwares are being developed to target the banking information of the customers such as their personal information, accounts numbers, and Internet banking credentials (Usernames and Password).
How Personal Information are Stolen
Different approaches are used to infect the victim’s computers or mobiles with Malware, including:
- Visiting un-trusted websites,
- Installing a software from malicious sources which are delivered to the user as an email attachment or a link (URL) in the email body.
- Using in infected media storage devices (USB, CD, DVD, etc.).
- Installing malicious mobile applications from untrusted sources. These applications use fake icons (which belong to a trusted application or operating system.
The victim computer are infected with viruses which enable the criminal to monitor activities such as visited websites, used applications, performed transactions, entered data (i.e. usernames and passwords), etc. Then they steal confidential data without the victim’s knowledge.
This will enable the criminal to access all banking online services by using the stolen credentials (Usernames + Password) and use the available functions to steal money such as fund transfer.
Important Advices for Our Valued Customers
- Use the Tow Factor Authentication Feature on our Online Banking service, which is called “One Time Password (OTP)”. This feature will send you an SMS containing an additional password to your registered mobile number, every time you logon to the internet banking service.
- Install Anti-Malware software on your computer and keep it always up to date.
- Do not install Software or Apps on your Computer or Mobile from un-trusted sources, and do not brows suspicious websites.
- Ignore any email from unknown senders and delete it immediately
- Ignore any email asking to visit the Internet banking website by clicking an embedded link, and entering your username and password. It is always preferred to visit the Internet banking website by typing the address in the browser’s address bar.
- In case you suspected a fraud attempt or you received any request to provide your banking information, please report the case by contacting JKB Call Center on 06-5200999 / 080022066.
Security Tips When Using Internet JKB Online Services
Protect your banking information when using the internet banking service with these useful security tips.
Below are some security tips to protect your banking information.
- We advise you to select a password that is made up of 15 numerical and alphabetical characters.
- Change your password regularly.
- Always maintain the confidentiality of your banking information, such as the username and password, and do not share them with anyone.
- Disable the option of saving system access information from the browser and ensure that you enter the information every time you access the system, whether you are using the same computer, PDA or others.
- Ensure that you do not write down the user name or password.
- Select a password that is easy for you to remember but difficult for others, such as a password that includes a variety of digits and letters.
- We would like to inform you that Jordan Kuwait Banks policy is not to send clients any confidential information by email, such as the password, or to ask the client for any private or financial information or to enter the PIN on a webpage that appears in an email. Therefore, Jordan Kuwait Bank advises clients to ignore such emails and immediately inform the bank about such incidents by calling the contact center on 06-5200999 / 080022066
- Ignore any email, SMS, Fax or communication that asks to disclose personal or banking information or the password of your account and immediately inform the bank about such incidents by calling the contact center at 06-5200999 / 080022066.
- Use a different password for every website you visit to ensure security.
- Do not open internet banking website using cashed links on other websites or included in emails. We recommend that you type the address manually every time in your web browser.
- Use your personal computer to access internet banking service and avoid using computers or the internet service in public places, such as internet cafes or free wireless connections.
- Ensure that you log-out from the internet banking website when you finish your work or when you are leaving the location of your computer.
- Lock your PC when unattended, press and hold the Ctrl, Alt, Del keys.
Security Tips When Using mobile banking service:
- Avoid downloading apps from third-party app stores or links provided in SMS or emails.
- Always keep ‘Unknown Sources’ disabled. Enabling this option allows installation of apps from third-party sources.
- Keep Play Protection service ‘ON’, for Android devices
- Verify app permissions before installing any app even from official stores such as Google Play on Android devices.
Security Tips When Using ATMs
Protect your banking information when using ATMs by following these security tips.
A number of bank ATMs around the world were exposed and card information was stolen using fake components that are installed over the original ATM components, and they include:
- The keypad
- The card reader slot.
- Here are some tips to avoid the compromise of your card information or PIN:
- It is highly recommended to use the same ATM as much as possible. If you use the same ATM regularly, it is easier to notice any changes.
- Be careful and observant when using another ATM (Notice the existence of strange object fixed over the ATM, existence of monitoring person, etc) and immediately inform the bank about such incidents by calling the contact center at 06-5200999 / 080022066.
- Ensure that the keypad is leveled with the ATM and not protruding.
- Ensure that the card slot is leveled with the ATM and not protruding.
- Be aware of any small cameras placed at the front of the ATM to photograph the PIN.
- Make sure to use the PIN Guard utility installed on our all our ATMs, and if you had to use an ATM with no PIN guard installed please make sure to place a piece of paper of an envelope to cover your hand when entering the PIN,
- Wait for the ATM to return the card to you. Do not leave until you receive the money and the card or a bank notification indicating that the card has been withdrawn, should this occur. You may contact the numbers shown on the ATM's screen for assistance.
Security Tips When Using Your Plastic Card over Point of Sale or internet shopping
Protect your banking information when using your plastic cards with these useful security tips.
- Ensure that you have received your PIN in a sealed envelope that has not been tampered with.
- It is preferable to immediately change your PIN as soon as you receive the PIN and card from the Bank as well as change the PIN on a regular basis.
- Notify the bank immediately if you lose the card and request that it is suspended by calling the contact center at 06-5200999 / 080022066
- Keep the card in a safe place and do not allow anyone else to use it.
- Do not keep the card and PIN in the same place. It is better to memorize you PIN.
- Do not disclose information related to the card, such as its number or PIN, by email or websites or telephone calls.
- When using the card over Point of Sale, watch the person who is entering the card on the Point of Sale system and enter the PIN yourself on the system and do not give it to the seller. Ensure that you take your copy of the receipt and verify the amount that was deducted and cover your hand while entering the PIN number.
- When using credit cards on websites, ensure that you are dealing with secure and well-known websites (“Secure Websites” HAVE a lock icon) and note that it is preferred to use the prepaid card for online shopping.
- It is advisable to be alert when traveling, particularly in countries where card hijacking occurs. It is better to change the card upon return from travel.
- When using Point of Sale, ensure that there are no persons can monitor you in order to have the card number and the CVV / CVC
- Destroy expired card by breaking them.
- If you use a Visa card for online purchases, subscribe to Verified By Visa service for added security and privacy.
What is Social Engineering?
- “Social Engineering" refers to the practice of manipulating people as to circumvent security systems and conduct fraud. This technique involves obtaining information people would not normally reveal to strangers.
- Social engineering can take on a variety of forms, (e.g. telephone, email, written mail, fax, or Instant Messaging).
Social engineering techniques:
- Phishing is a type of deception designed to obtain and use your personal data (e.g. credit card numbers, passwords, account data, etc.) for fraudulent purposes.
- Con artists send thousands of “spoofed” e-mail messages (or even SMS messages) that appear to come from a source you trust, like your bank, and request from you to provide personal information via e-mail or redirect you to illegitimate websites, identical to the original, created by them for this purpose.
- Email “spoofing” is when an email message appears to have originated from one source when it actually was sent from another source. Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information, such as username and passwords. Most of the times, it includes links to fake sites and is used a as a medium to spread and carry out phishing attacks.
How do I identify a spoofed email?
- Spoofed (Fake) emails can be identified by recognizing their distinguished form or composition, for example, a form of email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not comply
- Shred documents containing confidential information (e.g. credit card statement, PINs, account statement) when no longer needed
- When traveling or while using your laptop in public places:
- Keep your laptop with you and do not check it in with luggage.
- Never leave your laptop in an open view in your car, lock it in your trunk.
- Never leave your laptop unattended in public places.
- Regularly monitor your account activity to detect any fraudulent transaction.
Security Tips – Security and protection guidelines when using e-walletsThere are many electronic fraud methods that may target some e-wallet holders aiming to steal e-Wallet accounts. You are advised to follow the below mentioned guidelines when using e-Wallet accounts:
- Do not write-down any confidential information about e-wallet applications (such as username and password), or store it on a mobile phone or a personal computer
- Do not share information related to e-wallet applications with others, and do not send it by e-mail or through social media.
- Use a strong password to lock your mobile device and do not share it with others so that this information cannot be used if the phone is lost or stolen.
- In case your mobile phone is lost or stolen, the responsible stakeholders must be informed (the e-wallet service provider, and the mobile service provider; since the phone number represents the user name of the e-wallet) to take the necessary actions.
- Do not use free Wi-Fi networks as it may reveal your personal information.
- Use only official application stores such as the Play Store and the App Store to download programs, and not to use any other unreliable sources since it may carry malicious software used in hacking and data theft.
- Regularly update e-wallet applications through official stores such as the Play Store and the App Store.
- Be vigilant of phishing and frauds that may target e-wallet holders, noting that e-wallet service providers do not request any personal or confidential information to be provided or modified via e-mails or text messages.