PIN Change Service:: Security Tips

Phishing:

Fraudulent emails are used by criminals to lure you to fake websites, which resemble original websites of financial institutions, and ask you to divulge personal information such as credit card number, PIN number or Security Authentication Key.

The most common type of phishing e-mail claims to be a security message requesting you to validate your personal details or security questions. However, the details you confirm are then sent to the criminals.

CrediMax would never request such personal information from you, our customer, in such an e-mail.

How to protect yourself

• You should never access CrediMax's quickpay facility via a link contained in an e-mail.
• To access CrediMax's quickpay facility either type www.credimax.com.bh on your web browser then follow the link to the site or go directly to the CrediMax quickpay site at https://www.credimax.com.bh. These sites are secure and you will see the padlock symbol displayed on the status bar of your browser.
• If you receive any such Phishing email immediately advise CrediMax on +973 17 117 117.

Pharming:

Similar in nature to e-mail phishing, pharming seeks to obtain personal or private (usually financial related) information through domain spoofing. Rather than being spammed with malicious and mischievous e-mail requests for you to visit spoof websites which appear legitimate, pharming 'poisons' a DNS server by infusing false information into the DNS server, resulting in a user's request being redirected elsewhere. Your browser however will show you are at the correct website, which makes pharming a bit more serious and more difficult to detect. Phishing attempts to scam people one at a time with an e-mail while pharming allows the scammers to target large groups of people at one time through domain spoofing.

How to protect yourself

• One way to check to see if the site you have been directed to is real is to look for the lock icon, usually located in the address bar. If the icon does appear, click on it to verify a secure connection. However, keep in mind that the lock does not "guarantee" security. It is only a temporary security solution as there is no telling when the hackers will be able to perfect this icon to look legitimate.
• Another way is to check the address of the website for https:// where "s" stands for 'secure site'
• Report the incident to CrediMax at +973 17 117 117

Vishing:

Vishing is an attempt of a fraudster to take confidential details from you over a phone call. Details like user ID, login & transaction password, Card PIN, CVV or any personal parameters such as date of birth, email address. Fraudsters claim to represent banks and attempt to trick customers into providing their personal and financial details over the phone. These details will then be used to conduct fraudulent activities on your account without your permission leading to financial loss.

Tips to protect yourself

• Your bank would have knowledge of some of your personal details. Be suspicious of any caller who appears to be ignorant of basic personal details like first and last name (although it is unsafe to rely on this alone as a sign that the call is legitimate). If you receive such a call, report it to CrediMax.
• Do not call and leave any personal or account details on any telephone system that you are directed to by a telephone message or from a telephone number provided in a phone message, an e-mail or an SMS especially if it is regarding possible security issues with your credit card.
• When a telephone number is given, you should first call the phone number on the back of your credit card or on your bank statement to verify whether the given number actually belongs to the bank.

Key Loggers and Trojans:

Key loggers are software programs that capture a computer user's keystrokes. Such systems are used by hackers to obtain passwords or encryption keys and thus bypassing other security measures.

A Trojan is a program that appears legitimate, but performs some illicit activity when it is run. It may be used to locate password information or make the system more vulnerable to future entry or simply destroy programs or data on the hard disk. A Trojan is similar to a virus, except that it does not replicate itself. It stays in the computer doing its damage or allowing somebody from a remote site to take control of the computer. Trojans often sneak in attached to a free game or other utility.

How to protect yourself

• Never use computers located in public places such as Internet cafes or airport lounges for online banking.
• Install a Personal Firewall and anti-virus software with latest security patches and anti-virus signatures.
• Always remember to update your antivirus signature
• Do not visit suspicious sites. If you suspect that a website is not what it purports to be, leave the site immediately. Do not follow any of the instructions it presents.
• Monitor your transactions. Review your order confirmations, Credit Card and Bank Statements as soon as you receive them to make sure you are being charged only for transactions that have taken place. Immediately report any irregularities to your bank.