HBZ GROUP SECURITY ADVISORY

 

Dear Customer,

Habib Bank AG Zurich (HBZ), as well as all subsidiaries of the Bank, irrespective of whether these are wholly owned subsidiaries or the Bank has only a majority ownership interest (collectively "the Group", wherever located is committed to protecting your account information and transaction details. We have implemented number of controls and security measures designed to monitor and secure your data.

Please note that HBZ will never request you to share confidential information such as your personal data, account number, Internet banking username and/or password, credit card details, etc. via email, text messages, automated phone calls or any social website including but not limited to LinkedIn, Facebook and Twitter etc.

Unfortunately electronic fraud is growing and criminal elements continue targeting consumers. Among the common techniques used by criminals to commit fraud are "phishing" and email hacking.

  • Phishing is where a fraudulent email appears to be sent from HBZ. This scam email includes a link to a web page that looks like the Bank's site and requests personal information. This is not a legitimate HBZ email and the link does not go to a genuine HBZ web page, instead may redirect you to a "Spear Phishing" website (please check and confirm the website's address in your browser's address bar. Does it look like https://online.habibbank.com/hPLUS ? If not, then do not enter any detail over there). Under no circumstances you should provide or share your personal information by replying to the fraudulent email, click on any links and login.
  • Email hacking incidents are on the rise worldwide. This type of fraud is done after fraudulently obtaining your email ID account password. Once account password is compromised emails are intercepted and contents (invoices, payment instructions etc.) are altered and then forwarded to the intended receiver. Many of our clients have informed us that they have become victim of such criminal acts (altered email or invoice fraud).
  • Impersonation is also very common these days and we have come across few instances wherein fraudsters contacted our clients impersonating as the Bank's agent using social websites. Please note that the Bank's representative will never use any social website to contact it's customers. If there is any need for the Bank's representative to get in touch with you, the customer, then we will use only legitimate and verifiable source only.

In its continued efforts to further enhance security while logging onto HBZweb, HBZ offers its clients options for adding greater security while logging on to HBZweb.

  • In order to further enhance security while logging onto HBZweb, a new challenge - response - authentication - mechanism has been introduced. A dynamically generated 5 digit challenge, embedded in a graphic background, is displayed whenever the HBZweb login screen appears on the user's browser which the user has to enter in the specified field. In addition to the response-authentication-mechanism the user has to enter his login ID, password and an optional secure key. This will prevent automated processes from guessing HBZweb passwords and enhance security.
  • Never respond to email requests that ask for any bank details. Please do not reply or click on any link that requires you to login to a bank account. Simply delete the e-mail.
  • Never send your account information via an email system other than the email system within your secure online banking web site.
  • Keep updated software to protect your computer from viruses, spyware or malware.
  • Verbally verify payment details with your existing or new supplier before forwarding the payment instruction to HBZ. This is the only way you can be sure that the payment instruction you have received was sent by your supplier. Please do not seek or rely on email confirmations.
  • If you have previously replied to a suspicious email and provided personal or sensitive information about your account, please contact your branch immediately.
  • Make sure that the location bar on the browser at the login-page shows the address starting with "https://online.habibbank.com/". Please note the "s" after the "http." If it does not have an "s," DO NOT enter any password and contact the bank immediately. This must be checked even if the HBZweb link is bookmarked as certain viruses can change bookmarks to point to fake sites.

General Tips

  • To login to your account, always type: www.habibbank.com
  • Use the HBZweb option links and buttons to browse through theHBZweb online banking site as using the browser's navigation buttons (i.e. back, forward and refresh) may log you out of the session.
  • Do not send any confidential information including account numbers, passwords, PINs, signed payment instructions via regular email because emails are not encrypted and therefore, subject to being intercepted and read by third parties.
  • Please check your monthly financial statements and report any discrepancies and/or unusual account activity and get in touch with your branch immediately.

Protect your password

  • Keep your HBZweb password strictly private. Never share your password with anyone including Bank employees and the law enforcing agencies.
  • Do not use easy passwords such as your name, date of birth, etc.
  • Use a combination of Alphanumeric and special characters including lower case and upper case letters.
  • If you feel that your HBZweb password has been compromised, you must lock your HBZweb account immediately. Attempt to log-in by inserting an incorrect password three times. HBZweb access will be automatically locked after the third unsuccessful attempt.
  • Always "log-out" from your online banking session when finished and close the browser.
  • Never leave your computer unattended after you have logged onto HBZweb online banking.
  • If you access your account from any computer other than your own (e.g.computer at work) be sure the system is private, not shared.
  • Make sure your browser supports 128-bit SSL encryption.
  • Keep virus definitions on your computer updated. Always make sure that you have applied all the latest security patches to your browser.
  • For further security, opt to use HBZsecure Key. For certain options, such as third party fund transfer and HBZeLocker, the use of HBZsecure Key is mandatory. (Applicable for UAE, UK and HK customers)

For Additional Security Advisory for Habib Bank Zurich (HK) Limited customers, Click here.