Security Tips & User Guides

We would like to inform you that in the last period, the number of Malwares which were developed to target the banking information of the customers such as their personal information, accounts numbers, and Internet banking credentials (Usernames and Password) has noticeably increased.

How Personal Information are Stolen

After visiting un-trusted websites or installing software from malicious sources which will be delivered to the user as an email attachment or mentioned URL in the email body, the victim computer could be infected by viruses which enable the criminal to monitor the victim activities (visited websites, performed transactions, entered data, etc.) and steal all used data without the victim knowledge.

This will enable the criminal to access all banking online services by using the stolen credentials (Usernames + Password) and use the available functions such as fund transfer.

Important Advices for Our Valued Customers

1. Use the Tow Factor Authentication Feature on our internet banking service which is called “One Time Password (OTP)”. This feature will send an SMS containing an additional password to your registered mobile number, every time you logon to the internet banking service.
2. Install Anti-Virus software on your computer and keep it always up to date.
3. Do not install Software from un-trusted sources, and do not brows suspicious websites.
4. Ignore any email from unknown senders and delete it immediately
5. Ignore any email asking to visit the Internet banking website by clicking an embedded link, and entering your username and password. It is always preferred to visit the Internet banking website by typing the address in the browser’s address bar.

Protect your banking information when using the internet banking service with these useful security tips.

Below are some security tips to protect your banking information.

• We advise you to select a password that is made up of 15 numerical and alphabetical characters.
• Change your password regularly.
• Always maintain the confidentiality of your banking information, such as the username and password, and do not share them with anyone.
• Disable the option of saving system access information from the browser and ensure that you enter the information every time you access the system, whether you are using the same computer, PDA or others.
• Ensure that you do not write down the user name or password.
• Select a password that is easy for you to remember but difficult for others, such as a password that includes a variety of digits and letters.
• We would like to inform you that Jordan Kuwait Banks policy is not to send clients any confidential information by email, such as the password, or to ask the client for any private or financial information or to enter the PIN on a webpage that appears in an email. Therefore, Jordan Kuwait Bank advises clients to ignore such emails and immediately inform the bank about such incidents by calling the contact center at 06-5200999 / 080022066
• Ignore any email, SMS, Fax or communication that asks to disclose personal or banking information or the password of your account and immediately inform the bank about such incidents by calling the contact center at 06-5200999 / 080022066.
• Use a different password for every website you visit to ensure security.
• Do not open internet banking website using cashed links on other websites or included in emails. We recommend that you type the address manually every time in your web browser.
• Use your personal computer to access internet banking service and avoid using computers or the internet service in public places, such as internet cafes or free wireless connections.
• Ensure that you log-out from the internet banking website when you finish your work or when you are leaving the location of your computer.
• Lock your PC when unattended, press and hold the Ctrl, Alt, Del keys.

What is Social Engineering?

• “Social Engineering" refers to the practice of manipulating people as to circumvent security systems and conduct fraud. This technique involves obtaining information people would not normally reveal to strangers.
• Social engineering can take on a variety of forms, (e.g. telephone, email, written mail, fax, or Instant Messaging).

Social engineering techniques:

Spoofed emails can be identified by recognizing their distinguished form or composition, for example, a form of email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not comply

• Phishing:
  • Phishing is a type of deception designed to obtain and use your personal data (e.g. credit card numbers, passwords, account data, etc.) for fraudulent purposes.
  • Con artists send thousands of “spoofed” e-mail messages (or even SMS messages) that appear to come from a source you trust, like your bank, and request from you to provide personal information via e-mail or redirect you to illegitimate websites, identical to the original, created by them for this purpose.
• spoofed email
  • Email “spoofing” is when an email message appears to have originated from one source when it actually was sent from another source. Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information, such as username and passwords. Most of the times, it includes links to fake sites and is used a as a medium to spread and carry out phishing attacks.
• How do I identify a spoofed email?

• Shred documents containing confidential information (e.g. credit card statement, PINs, account statement) when no longer needed
• When traveling or while using your laptop in public places:
  • Keep your laptop with you and do not check it in with luggage.
  • Never leave your laptop in an open view in your car, lock it in your trunk.
  • Never leave your laptop unattended in public places.
  • Regularly monitor your account activity to detect any fraudulent transaction.