The effective management of Cyber / Information Security has always been a priority for Bank of Jordan Group to manage risk and safeguard its reputation in the marketplace.
Cyber and Information Security Policy provides an integrated set of protection measures that must be uniformly applied across Bank of Jordan Group (BOJG) to ensure a secured operating environment for its business operations. Customer Information, organizational information, supporting IT systems, processes and people that are generating, storing, and retrieving information are important assets of BOJG. The availability, integrity and confidentiality of information are essential in building and maintaining our competitive edge, cash flow, profitability, legal compliance and respected Bank image.
Protecting your personal and financial data at the bank is our first priority. We are committed to adopting effective security methods when collecting, processing and transferring your data, in accordance with international best practices and in line with the requirements of regulatory parties.
Tips on how to avoid Phishing
Seeking to ensure banking security for our customers and in light of the apparent increase in phishing via SMS. we at Bank of Jordan offer you helpful advises to raise awareness about how to avoid Phishing.
What is Phishing?
Phishing is one of the electronic fraud means that takes the form of an email or SMS message encouraging the recipient to reveal personal information, such as credit card number, account number, password, etc. These messages seem to be sent from a well-known and a highly credible source, but in fact they are not.
How can we distinguish Phishing messages from other messages?
Normally, phishing messages request personal information from you, while legitimate messages from known websites such as Bank of Jordan, Amazon and eBay will not ask you to provide your password or any personal information
How do Phishing messages look like?
Phishing messages seem to be sent from Bank of Jordan official website or any other website asking you to update your account or make any other similar request, you should not respond. These types of messages can take the following forms:
Bank Of Jordan will never ask you to reveal your username or password via e-mail or phone or any other way.
What to do if I received a Phishing message?
You should follow these steps:
What to do if I received a telephone call requesting to reveal private information?
Refuse to provide any private bank information, contact the Call Center immediately at 065807777 to report the caller.
What is the private banking information that you should not share with anyone, including bank employees?
What to do if I have entered any financial or personal information on a Phishing website or if I was victim of any form of Phishing messages?
If you were a phishing victim, please follow these instructions:
How do scammers obtain my email address or telephone number?
How do I protect myself from Phishing messages?
Keep your private information and don’t share it with anyone. Also, avoid sending your private information via email, SMS or pop-up windows.
If you are visiting a website, print the address directly in the browser’s address bar and do not click on links in any incoming email without checking if authentic, not suspicious or false.
Is it possible that Bank of Jordan would ask clients for their usernames or passwords?
No, but the Bank could contact you directly by phone, regular e-mail, SMS or any other mean to request general information that is not related to passwords, etc. Please do not reveal any private information under any circumstances.
How does Bank of Jordan contact its customers officially and directly regarding their transactions?
Bank of Jordan officially contacts clients through SMS or email address service that the customer previously registered for.
How does ATM Skimming work?
Un-authorized person (Theft) use hidden electronics to steal your card information (Card number and PIN)
Dear our client, To avoid ATM skimming, you are kindly requested to check of the following points before using the ATM machine :
Dear Client, if you face any of these points, please contact the Call Center immediately at +962 6 5807777 and report it.
It is a method of hacking and fraud that depends on the human element, where the attacker uses his skills to communicate with others and uses deception and psychological tricks to obtain from them the required information so that he can perform the hacking or fraud.
Social engineering usually requires some forms of identity theft in order to gain the victim's confidence. For example, the attacker may impersonate a company employee or a customer relationship official through a social media pages where the fraudster communicates with the victim and often, they have some information related to it. They pretend to be bank employees, or other employees of trustworthy institutions, and then try to persuade the victim to transfer money or withdraw cash and hand it over and disclose private information or data (account number, user name, passwords (PIN code, OTP), card number Credit, phone number) noting that financial institutions do not request such information that may be used to access financial resources or sensitive information.
Social engineering types:
They are attacks that occur through communicating with the victim via phone or social networking sites, where the attacker communicates claiming that he is a person with a position or responsibility and has powers and gradually withdraws information from the victim so that he can reach his main goal, which is fraud or hacking.
Password and important information can be stolen by observing the victim while typing it, or eavesdropping and listening to a phone conversation, so it is always recommended to avoid passwords and important information on papers or exchanged with other people.
It is one of the most common social engineering attacks that occurs
over the phone, where the attacker calls claiming to be a person with a
certain authority, and gradually withdraws information from the victim.
The password must be strong and not include in its composition words that are easy for others to find, according to the following: