Introduction

 The effective management of Cyber / Information Security has always been a priority for Bank of Jordan Group to manage risk and safeguard its reputation in the marketplace.

Cyber and Information Security Policy provides an integrated set of protection measures that must be uniformly applied across Bank of Jordan Group (BOJG) to ensure a secured operating environment for its business operations. Customer Information, organizational information, supporting IT systems, processes and people that are generating, storing, and retrieving information are important assets of BOJG. The availability, integrity and confidentiality of information are essential in building and maintaining our competitive edge, cash flow, profitability, legal compliance and respected Bank image.

Protecting your personal and financial data at the bank is our first priority. We are committed to adopting effective security methods when collecting, processing and transferring your data, in accordance with international best practices and in line with the requirements of regulatory parties.

Tips on how to avoid Phishing

Seeking to ensure banking security for our customers and in light of the apparent increase in phishing via SMS. we at Bank of Jordan offer you helpful advises to raise awareness about how to avoid Phishing.

What is Phishing?

Phishing is one of the electronic fraud means that takes the form of an email or SMS message encouraging the recipient to reveal personal information, such as credit card number, account number, password, etc. These messages seem to be  sent from a well-known and a highly credible source, but in fact they are not.

How can we distinguish Phishing messages from other messages?

Normally, phishing messages request personal information from you, while legitimate messages from known websites such as Bank of Jordan, Amazon and eBay will not ask you to provide your password or any personal information

How do Phishing messages look like?

Phishing  messages seem to be  sent from Bank of Jordan official website or any other website asking you to update your account or make any other similar request, you should not respond. These types of messages can take the following forms:

• Urgent requests to provide personal information.
• Phrases that ask you to take quick and urgent actions.
• Requests that urge you to provide your username, password, accounts number, etc.
• Messages with strange subject title or replies to unusual subjects.

Bank Of Jordan will never ask you to reveal your username or password via e-mail or phone or any other way.

What to do if I received a Phishing message?

You should follow these steps:

• Do not respond.
• Do not call the number mentioned in the letter.
• Report the message by contacting Bank of Jordan Call Center around the clock.

What to do if I received a telephone call requesting to reveal private information?

Refuse to provide any private bank information, contact the Call Center immediately at 065807777 to report the caller.

What is the private banking information that you should not share with anyone, including bank employees?

• ATM or credit card PIN code.
• Online banking username and password.
• Phone banking services passcode or any other username or passcode you use for electronic banking services.

What to do if I have entered any financial or personal information on a Phishing website or if I was victim of any form of Phishing messages?

If you were a phishing victim, please follow these instructions:

• Contact the Call Center and report the received email message along with the type of information that you have provided.
• Follow the Call Center’s instructions.
• Immediately change your password for all your electronic banking accounts.
  

How do scammers obtain my email address or telephone number?

• Normally, scammers do not target individuals, instead they randomly send thousands of emails or SMS messages to a large number of e-mail addresses or phone numbers to capture victims.

How do I protect myself from Phishing messages?

Keep your private information and don’t share it with anyone. Also, avoid sending your private information via email, SMS or pop-up windows.

If you are visiting a website, print the address directly in the browser’s address bar and do not click on links in any incoming email without checking if authentic, not suspicious or false.

Is it possible that Bank of Jordan would ask clients for their usernames or passwords?

No, but the Bank could contact you directly by phone, regular e-mail, SMS or any other mean to request general information that is not related to passwords, etc. Please do not reveal any private information under any circumstances.

How does Bank of Jordan contact its customers officially and directly regarding their transactions?

Bank of Jordan officially contacts clients through SMS or email address service that the customer previously registered for.

Tips to avoid ATM Skimming:

How does ATM Skimming work?

Un-authorized person (Theft) use hidden electronics to steal your card information (Card number and PIN)

Dear our client, To avoid ATM skimming, you are kindly requested to check of the following points before using the ATM machine :

• Do not accept help from any unknown / suspicious person when  using the ATM/p>
• Change your PIN time to time
• Check the card reader if it is not fake by moving it gently.
• Check if there isn't a skimmer keypad over the ATM  keypads.
• Check if there isn’t camera pointed on keypad.
• Make sure to close the PIN guard while entering the PIN.

Dear Client, if you face any of these points, please contact the Call Center immediately at +962 6 5807777 and report it.

Social Engineering

What's social engineering or online fraud?

It is a method of hacking and fraud that depends on the human element, where the attacker uses his skills to communicate with others and uses deception and psychological tricks to obtain from them the required information so that he can perform the hacking or fraud.

Identity fraud

Social engineering usually requires some forms of identity theft in order to gain the victim's confidence. For example, the attacker may impersonate a company employee or a customer relationship official through a social media pages where the fraudster communicates with the victim and often, they have some information related to it. They pretend to be bank employees, or other employees of trustworthy institutions, and then try to persuade the victim to transfer money or withdraw cash and hand it over and disclose private information or data (account number, user name, passwords (PIN code, OTP), card number Credit, phone number) noting that financial institutions do not request such information that may be used to access financial resources or sensitive information.

Social engineering types:

1. Human-based engineering, which are human-based crimes without technology intervention. Examples include:
   • Persuasion

They are attacks that occur through communicating with the victim via phone or social networking sites, where the attacker communicates claiming that he is a person with a position or responsibility and has powers and gradually withdraws information from the victim so that he can reach his main goal, which is fraud or hacking.

• spying and eavesdropping

Password and important information can be stolen by observing the victim while typing it, or eavesdropping and listening to a phone conversation, so it is always recommended to avoid passwords and important information on papers or exchanged with other people.

• Voice fraud (vising)

It is one of the most common social engineering attacks that occurs

over the phone, where the attacker calls claiming to be a person with a

certain authority, and gradually withdraws information from the victim.

2. Technology-based Engineering, which are programs and techniques that help the attacker to access information. For example: 
   • Phishing
     It is one of the most important methods of social engineering, usually it is an emails and social media messages that reaches the victim and contains a link to a fake page that appears completely similar to the official website, and it is possible to ask the victim to enter a password and username and then direct him to the correct page after obtaining the confidential data of the victim.
   • Spam mail
     It is a large amount of emails and social media messages that are sent with attractive addresses, which contains what can cause service interruption and/or information theft.

How to protect yourself?

• Do not trust any communication process, if it is via a phone call, email, or message via social media from any person who asks you for personal or banking information, and you must verify the identity of this person by contacting the source requesting the information before sharing any information.
• Avoid putting personal information on the Internet as much as possible.
• Do not share your personal information even with those close to you, to protect you and them.
• Make sure to keep your important papers and documents in a secure places, and to destroy it if you don’t need it.
• Avoid interacting with e-mails that contain suspicious links , mobile messages, or on social media.
• Use a strong password for online banking and change it frequently.

The password must be strong and not include in its composition words that are easy for others to find, according to the following:

• The password must consist of upper and lower case letters, with numbers, and special symbols.
• You must not use passwords that are known and can easily know, such as names, date of birth or phone numbers.
• The password must be at least 8 characters long.
• You must not use numbers or letters such as frequent (3333 or AAAA).
• You should not share your password with any person or written in a conspicuous place.
• The password must be changed frequently.