There has been an increasing number of “phishing attempts” over the past few months with emails purportedly from banks asking customers to update their personal particulars, including information on their bank accounts, online banking user names and passwords. Customers who receive such emails should not follow the sender’s instructions, and should report them promptly to the Bank.

 

Consumers who suspect that their User ID or Personal Identification Numbers (PIN)  have been compromised, or who identify any suspicious activities on their banking accounts, should immediately contact their Relationship Manager.

 

 

What is phishing?

 

Phishing is a way of obtaining sensitive personal information such as one’s banking account details, PIN, One-Time Passwords (OTP), credit card number, User ID or password through the Internet, in order to perform unauthorized banking transactions. The most common phishing method is a spoofed email purporting to be from a bank, credit card issuer or service provider. The emails usually use the following tactics to get the consumer to release their personal information:

"Your account is currently being updated as we are introducing a new security system. Follow the instructions below to reactivate your account."

• "Your credit card is the subject of a police investigation for fraud. Please follow the instructions below."
• "Our records indicate that payment for your Internet account is due. We are also currently introducing a new e-payment service. Please follow the instructions below."
•  "You are the lucky winner of our lucky draw. Please submit your credit card details so that we can verify your identity."

 

The phishing emails typically contain URL links, which when clicked, direct the consumer to fake webpages (e.g. a login page) which mimic the websites of legitimate banks. These fake webpages are often used by perpetrators to harvest the sensitive personal information belonging to consumers. The webpages may also contain malware aimed at infecting consumers’ computing devices.

 

 

Steps to protect against phishing

 

Below are some quick tips that can help you identify potential phishing attacks, as well as best practices that you can adopt to guard against phishing attempts:-

 

• The Bank will never send you emails asking you to divulge any confidential or personal information.
• Never reveal your PIN or OTP to anyone. The Bank would ever ask you for your PIN or OTP (via email or phone) for whatever reason.
• Do not click on any link to log on to bank websites or open attachments in emails purportedly sent to you by the Bank. Instead, always enter the full URL or domain name of the Bank (www.afrasiabank.com) into your browser address bar.
• Check the Bank's website regularly for latest news and communiqués related to Internet / Cyber Security.