May 27, 2014
Apr 14, 2014
Apr 10, 2013
Information Security Awareness Bulletin 
 

1- “Social Engineering”
Social engineering
is a technique used to manipulate people into performing actions or divulging confidential information by tricking or misleading them to bypass security measures and tools. The purpose is to gather confidential information from people through phone, e-mail, regular mail, unsolicited text messages (SMS) or direct contact and use this information in illegal activities such as committing fraud, gaining unauthorized access to systems, etc.

Tips to recognize an act of social engineering
In a social engineering attack, the attacker usually:
• Requests the victim to provide confidential and personal information.
• Refuses to provide specific information or indications that may reveal his/her identity.
• Uses different approaches and techniques that rely on confidence, persuasion, intimidation, assistance, etc.
• Attempts to mislead and/or intimidate the victim in efforts to obtain rapid and spontaneous responses.

Tips to avoid being the victim of social engineering
• Always be suspicious of unsolicited phone calls or emails from individuals requesting personal or confidential information. Verify their identity first by contacting their organization directly.
• Do not use contact information provided by these individuals; instead check previous statements or other sources for contact information.
• Always check whether the individual requesting sensitive information is authorized to have this information.
• Do not be influenced by the attackers’ attitude and do not take for granted what you are told. Always verify the identity of the requester and his/her authority to have the information.

What you should do if you are the victim of social engineering
• If you suspect you are a victim of a social engineering attack, immediately report the incident to Bank Audi’s Help Desk and other concerned parties. Cancelling your credit card and/or changing your e-banking User ID and Password might be required depending on the nature of the information that you revealed.


2- “Fraudulent Emails and Websites (Phishing)”
Phishing
is defined by Wikipedia (http://en.wikipedia.org/wiki/Phishing) as: “the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social websites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by email or instant messaging and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Even when using server authentication, it may require tremendous skill to detect that the website is fake. Phishing is an example of social engineering techniques used to fool users and exploits the poor usability of current web security technologies”.

Tips to recognize phishing emails
• Emails that contain specific expressions in the subject or body text, similar to the following:

-"Verify your account."
-"If you don't respond within 48 hours, your account will be closed."
-"Dear Valued Customer,"
-"Click the link below to gain access to your account."
-Others…

• Urgent requests to confirm, verify or authenticate your personal information, otherwise your account will be closed.
• Offers that help you earn money by transferring cash.
• Although this doesn’t always necessarily apply, typing or grammatical errors, language mistakes and poor design or visual quality are often an indication of fake emails, websites or phishing schemes.

Tips to avoid being the victim of phishing attacks
• To guarantee your privacy and security, please make sure you do not enter your personal details (Customer ID and Password) on any unsecured website.
• Always check the identity and the security level of the website:

• Verify that the website address (URL) is secure: The letter “s” in “https” confirms that the site is fully secure (e.g. “https://audinet.lebanon.banqueaudi.com” for Audi On-Line).
• Make sure you see the “Security Lock” icon on the webpage and click on it to check the website’s identity (e.g. “https://audinet.lebanon.banqueaudi.com” for Audi On-Line).
Location of the Security Lock icon:
-Firefox: Right corner of the bottom status bar
-Internet Explorer/ Safari/ Google Chrome: Right side of the website address bar

• Beware that it is not the practice of Bank Audi to ask clients to update or verify their personal details by email.
 
If you receive a suspicious email claiming to originate from Bank Audi and asking you for sensitive information, do not respond or follow links in the email: simply delete the email.

What you should do if you are the victim of phishing
• If you suspect you are the victim of a phishing attack, immediately report the incident to Bank Audi’s Help Desk and other concerned parties. Cancelling your credit card and/or changing your e-banking User ID and Password might be required depending on the nature of the information that you revealed.


3- Spywares and Viruses
Spywares and Viruses
are malicious programs (or bits of information) that are loaded onto your computer without your knowledge. These programs seriously compromise the security of your information, they can cause damage to your hardware, software or files, consume system resources, monitor your activities and collect sensitive information. Note that the presence of spyware is typically hidden and can be difficult to detect.
 
Tips to protect against Spywares and Viruses
• Never open an email attachment from an unknown or suspicious source, or click on embedded links.
• Never download software from an unknown source.
• Verify the security and identity of websites prior to entering personal or financial information (as indicated above).
• Update your anti-virus and anti-spyware software regularly.
• Ensure that your sensitive data is regularly backed up.


4- Credit Card Fraud
Credit card fraud
is defined by Wikipedia (http://en.wikipedia.org/wiki/Credit_card_fraud) as a “wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or obtain unauthorized funds from an account”.
 
Tips to protect yourself against credit card fraud
• Keep your credit card under your sight every time you use it. Never leave your credit card or receipts lying around.
• Verify that your credit card is returned to you as quickly as possible following each use.
• Always check your card bills and statements and make sure that the charges applied are correct.
• Save your receipts and reconcile them with your monthly bills.
• Never sign a blank credit card receipt.
• If you change your address, make sure to provide Bank Audi with your new address.
• Never respond to emails that request you to provide your credit card information via email.
• Never use your card for online purchases on an unsecured web site.
• Do not share your credit card PIN with anyone and do not store it anywhere near your credit card.
• Make sure no one is looking when you type your credit card number on a screen.
• Save the 24h customer service phone numbers in your contacts directory.
• Report lost or stolen cards immediately and provide the necessary information to stop these cards.
 
What you should do if you are the victim of credit card fraud
• If you believe you are the victim of credit card fraud, immediately report the incident to Bank Audi’s Help Desk. Cancelling your credit card and/or changing your PIN might be required depending on the case.