ARAB NATIONAL BANK (ANB) has always placed information safety and security as its utmost priority by adapting the best effective state-of-the-art international information security practices and controls. We also monitor the Internet for illegal or unauthorized use of the Bank’s name and trademark. The process includes detecting incidents of fraudulent web sites that look similar to ANB’s, as such sites can threaten the privacy and security of our customers.
It is very important that we share with you the most common information security growing threats to exert the proper attention to protect your information and your banking transactions from these threats, some of which are:
A criminal activity using attempts to fraudulently acquire sensitive information, such as usernames, passwords, account and credit card details, by masquerading as a trustworthy friend or company entity such as a bank or impersonating a Bank employee in an electronic communication or fake site or personal communication. Banks that offer online banking services are targeted sites for soliciting those operations. Phishing is typically carried out using email or an instant message, and often directs users to give details at a fake website, although phone contact has been used as well.
This is an attack against the identity of a person like you, our customer. Oftentimes referred to as ‘identity theft’, the attacker wants to get hold of your personal information, using various techniques e.g. fake web sites, fake e-mails etc. What can you do to help us prevent Phishers from taking advantage of you?
- Do not click on any link provided, by any means, instead always type the ANB’s website address (www.anb.com.sa).
- For logging in, always type the website address (www.anb.com.sa) on your web browser.
- Avoid using “public” computers or network connections, especially when reviewing your financial information, In case you do use a “public” computer or network, when you finish delete personal files, cookies and the Internet cache after use.
- Protect your laptop and other portable electronic devices from being stolen; enable hard disk encryption and require a password for access.
- Never give out personal or financial information to anyone in response to a request to update, validate or confirm your account information, unless you have initiated the contact and you know whom you are dealing with. Note that the Bank does not update the information only through its branches and in the presence of customers personally.
- Do not click on the link in chatting rooms or messages or call a phone number provided in suspicious emails even to update your information.
- Do not reply to emails that look suspicious or are asking for personal information such as your National ID/ IQAMA number, account number, PIN or password.
- Please note that Arab National Bank will never send you an email asking you to respond with your personal information.
- If you have recently responded to an unsolicited email in which you provided any personal information regarding your Arab National Bank account and you now suspect it may not have been Arab National Bank, contact us immediately so that we may take steps to protect your account.
- Update your bank account with any changes to your status and info by visiting ANB’ branches. i.e. mobile\telephone number or address change.
- Customer should report any security incident to Arab National Bank by email at firstname.lastname@example.org or by calling 800 124 4040. This will enable the bank can take appropriate actions to protect you.
- Always answer the security questions that the bank officer asks, which guarantees for sure your identification
- Always update your information (means of communication, postal and electronic addresses, etc.) through visiting to the Bank's branches.
The act of obtaining or attempting to obtain otherwise secured information by ‘conning’ an individual into revealing the secure information. Social engineering is successful because its victims innately want to trust other people and are naturally helpful. The victims of social engineering are tricked into releasing information that they do not realize will be used to attack a computer network. For example, an employee in an enterprise may be tricked into revealing his User ID and Password to someone who is pretending to be someone from IT support team. The social engineer can use that information in conjunction with other information that has been gathered to get closer to finding a way into the enterprise’s network.
Phishing is a type of security attack that relies on social engineering in that it lures the victim into revealing information based on the human tendency to believe in the security of a brand name because they associate the brand name with trustworthiness.
Also, some methods of luring is through the use of the same client account to pass suspicious transactions or resulting from financial fraud and embezzlement through requesting customer account number to deposit those amounts and then withdraw those funds from his account and handed over to the impostor.
Virus and Spyware
This is the most common threat facing us today. Virus, spy ware, Trojans and worms can do various degrees of damage depending on their type as well as extract sensitive information, such as usernames and passwords for unlawful use. Customer should have up-to-date Antivirus and Anti spyware software installed and enabled on their PC all the time.
Identity theft is a crime in which someone wrongfully obtains access to your personal information and uses it in a way that involves fraud or deception, usually for economic gain. Unfortunately, most identify theft victims don’t realize they’ve been targeted until the damage has been done; resulting in unknown charges or withdrawals to bank accounts, or calls from collection agencies among other consequences.
Identity theft is the deliberate assumption of another person's identity, usually to gain access to their finances or frame them for a crime.
Preventing Password Guessing
Keep your password confidential, change it frequently and avoid using passwords that are common, well-known and easily predictable. We would advise you, for your own security, not to use common information such as your birthday, telephone number or a recognizable part of your name as your password.
Customer Role (things you should do)
Customers also have a role to play to ensure their on-line security. anb recommends that you adhere to the following security guidelines:
- Keep your Operating System updated with the latest security updates and patches.
- Enable your Antivirus and Anti Spy software and ensure it is configured to update automatically all the time.
- Use properly configured Firewall software.
- Review your Internet security settings in the browser
- Keep your Password/PIN/TPIN secret. Remember it should never be shared with anyone, even with ANB staff.
- When conducting online transactions through ANB Net, make sure to type www.anb.com.sa and not go through any link received via email or internet websites
- Update your bank account with any changes to your status and info by visiting ANB’s branches. i.e. mobile\telephone number or address change.
When accessing anb Net, do not use a public network/computer.
There are a number of risks involved when using shared computers, public computers and wireless networks at places like libraries, internet cafes, airports, and coffee shops. The network maybe poorly secured and easily exploitable by hackers and thieves – one of whom may be sitting right next to you, looking over your shoulder, and stealing your information. A hacker may even be the one running the free wireless signal you’ve logged upon, grabbing all of your information as fast as you can send it. The use of shared and public computers and wireless hotspots is not recommended if you are working with sensitive information of any kind.
Some of the more common risks associated with using shared & public computers and internet cafés are:
- Web browsers and internet service providers often record (or cache) your browsing history in cookies, enabling companies and individuals to track your surfing habits and possibly access your online accounts you’ve logged into.
- A key logger may be installed on that computer you are using, tracking your keystrokes in order to collect your passwords and user IDs for later use.
- Spy ware can track your browsing habits, recording your passwords and login information.
- That free wireless network you’re connected to may be run by a hacker.
- Often thieves literally look over your shoulder to steal personal and sensitive information as you enter it in.
How to identify that the caller is a bank official?
If you receive a call from “somebody” claiming to be a bank official and you are asked personal banking information by them:
- Do not disclose any of your information to him/her.
- Tell them that you will call them back on the bank’s extension and ask for the extension.
- Call the bank’s official phone number and ask for extension you had been given
- You can visit a bank branch to solve the matter if information is needed from your, please do not to disclose any of your sensitive banking information even to the branch employees or manager.
Personal banking information you should not disclose to anyone even bank staff:
- ATM or credit card numbers.
- ATM or credit PIN numbers.
- Internet banking username and/or password.
- Your identification number.
- Bank account number
- Phone banking password.
- Any password or username you use to access any electronic channel like internet, phone banking, ATM, etc.
The Bank will never ask for sensitive account information via emails or telephone calls.
Do not trust any web site simply because it holds the anb logo, always make sure that you access anb web site at this address: www.anb.com.sa. Also make sure that URL on your browser is secured https://www.anb.com.sa when logging to internet banking, if not, never access this site
Protect your mobile phone
Your mobile may hold lots of personal data and used in internet banking and online trading - keep it safe. You should consider the following:
- Setting and using a security PIN code for the set: Adjusting the mobile settings so that it locks automatically if you don't use it for a minute or two.
- Do not store passwords or other sensitive information on your mobile in a way that can be understood by someone else.
How to report suspected security incidents?
If you suspect that there has been an un-authorized breach of your account(s), or that an online transaction has taken place that you did not initiate, you should notify arab national bank immediately by emailing the details to email@example.com, or by calling 800 124 4040.
For Fraud News & Awareness please follow the link