Security Awareness
Latest update: Feb 15, 2024

Dear Customers,
Based on our duty to protect you from the risk of being exposed to Cybersecurity, we present this awareness message with aiming to raise the culture of “Cybersecurity”. Here are some guidelines that aim at raising your awareness to able to know detect and avoid it is practices.


anb Official Applications:
Ensure that you use a reliable source to download the Bank's application

anb Mobile

    



Social Engineering 
Social engineering is one of the techniques used by hackers to push users to perform certain actions that harm their privacy and data or disclose confidential information. Social engineering relies on various techniques and methods of Cybersecurity, the most important of which are:
- Phishing through e-mail
- Phishing through the phone
- Phishing through text messages
- Identity theft 

Phishing through email
It is one of the cybercrimes in which you are contacted by e-mail by a person claiming to be a representative of Arab National Bank; to force you to provide sensitive data such as personally identifiable information, bank card details, username and other confidential information.

How phishing scams are done via email?
Phishing attacks are based on the use of various information sources to collect basic information about the victim such as his interests and activities. This information can then be used to craft a believable email to make the victim:
- Take quick action without checking the email sent
- Installs malicious software, such as ransomware that may prevent you from accessing your important data or the bank for the purpose of theft or extortion
- Reveals important and sensitive information such as passwords for your accounts or credit card details through fake websites.

How to recognize phishing email?
There are many signs that indicate that an email is just a phishing attempt, and one of these signs is:
- The e-mail has many spellings errors.
- The e-mail uses urgency in its words to push the user into taking an action. 
- The email is sent from public domains such as Gmail or Hotmail instead of the official domain @anb.com.sa
- The e-mail asks you to disclose personal information such as username and other confidential information.

What to do when you receive an email that looks suspicious
- Do not click on any links or provide any sensitive information
- Do not download any attachments from unknown people, as these attachments may contain malware.
- If there are any links in the email, hover the mouse cursor before clicking on it, if the address of the URL does not match the description of the link, this may direct you to a phishing site.

Phishing through phone calls (vishing)
Vishing is one of the social engineering techniques in which the hacker relies on phone calls with the victim. The hacker claims to be a representative of Arab National Bank in order to convince the victim to share his personal or banking information
How to determine whether the caller is an Arab National Bank employee or not?
1. Check the purpose of the call: ask the caller why he is calling and what he needs from you. If the caller asks for sensitive information or asks you to transfer money, be careful and do not share your information.
2. Urgency is one of the common ways hackers push users to disclose their information without thinking
Always remember:
Be careful in providing sensitive information, Arab National Bank employees will not request this information.
Phishing through text messages (smishing)
Smishing through text messages is one of the social engineering techniques that rely on SMS, the hacker claims in his message that he is a representative of Arab National Bank in order to urge the user to click on a link or disclose personal information such as passwords or credit card numbers
The hacker pushes you to do one of these actions:
- Clicking on a link to a malicious site.
- An attempt to urge the user to disclose confidential data such as account numbers or passwords.
- Urge the user to download a malicious attachment.

Protection practices against phishing text messages
- Do not click on any links you receive via text messages before validating them.
- Do not reply to any suspicious text message, as it will alert hackers that they have accessed an active phone.
- Do not disclose any personal or financial data.
- Verify any text message claiming to be from the bank by communicating directly with the bank.
- Think before you click, text messages that use urgency are one of the signs of phishing messages.

Identity Theft
Identity theft is the process of stealing personal information of users with the aim of using this information to conduct illegal operations. Personal information such as username, password, passport Number, national ID number and other personal information is stolen.
The risks involved in identity theft include:
The risks of identity theft include:
1. The likelihood of exposure to cyber theft and bank fraud.
2. The financial loss that can be caused by unauthorized operations carried out using stolen identity information.
3. The possibility of placing the victim in high financial debt as a result of unauthorized transactions made using stolen identity information.
4. The impact on the personal and professional reputation of the victim, as it can lead to a loss of trust in the victim by people close to the victim.
Practices to counter identity theft
1. Avoid disclosing personal information to any person or entity, whether by e-mail, phone or text message.
2. Avoid clicking on suspicious links in e-mail or websites, and always make sure that the site you are visiting is safe and reliable.
3. Update passwords regularly and use strong and unique passwords for each account.
4. Activate the security services available to protect personal accounts, such as two-factor authentication and alerts about unusual activity.
5. Regularly track financial accounts and check for unusual activities, and promptly inform the bank about any unusual activity.
6. Do not leave personal documents, credit cards or smartphones unattended in public places.
7. Avoid opening emails and attached files from unknown senders.
8. Use reliable antivirus and malware programs and update them regularly.
9. Check the security of the websites you deal with on a regular basis, and make sure that they use the encrypted HTTPS protocol.

General tips 
Password Protection 
Password is the first line of Defense for all your personal and financial accounts, and because the password is the key to your digital identity, it is necessary to understand the best security practices to protect your personal information from various cyber threats. Such practices include:
- Set a strong and unique password, a strong password must consist of at least 8 characters and include a combination of uppercase and lowercase letters, numbers and special symbols. 
- Avoid using common words, phrases and personal information, such as your name and date of birth Instead, use a combination of random words or a secret phrase that will be easy to remember.
- Ensure to use unique passwords for each account.
- Ensure to change the password regularly, especially for accounts that contain sensitive information such as bank or social media accounts.
- Do not share your password with anyone.

Two-Factor Authentication 
The Arab National Bank application for banking services supports two-factor authentication. Two-factor authentication adds an additional layer of protection when trying to log into a bank account. Which makes it difficult for hackers to gain unauthorized access to your bank accounts
The importance of two-factor authentication
The two-factor authentication feature protects the user from unauthorized access to his bank account even if his password is leaked.
How does two-factor authentication work?
Two-factor authentication verifies the login process through an additional factor besides the password such as a fingerprint, facial recognition, or an additional security code sent to the user's device (such as his mobile phone). Thus, the user has to enter this additional code to complete the login process.
Ways to activate two-factor authentication?
Two-factor authentication can be configured by one of the biometric factors such as fingerprint, voice or face fingerprint. Two-factor authentication may be configured through text messages with a code or verification code that arrives by e-mail or via SMS phone messages.
Among the authentication methods are 
- Something you know: like answering some secret questions that only you are supposed to know the answer to. 
- Something you own: such as having a two-factor authentication code sent to your phone in a text message 
- Something from you: such as a fingerprint, voice fingerprint or facial recognition 
Do not forget to activate the two-factor authentication feature on your Arab National Bank application to prevent hackers from unauthorized access to your bank account.
Risks of Public Networks
Public networks pose several risks to your security and privacy on the internet. It is possible that you will be exposed to one of these threats:
- Malware infection 
- Fraud
- Espionage 
- Theft and leakage of bank and personal data
To protect yourself from these threats, ensure to follow the below practices:
- Avoid using public networks or devices in carrying out sensitive activities such as internet banking or online shopping. 
- Be sure to update your antivirus software regularly 
- Set strong and unique passwords for all accounts.
- Activate the authentication feature on all your accounts and devices
Securing your Device 
1. Use strong and unique passwords that are difficult to guess.
2. Take care to periodically update your operating systems.
3. Install antivirus programs on your devices and be sure to update them to protect against the threat of malware.
5. Avoid leaving your devices unattended in public places.
6. Encrypt your data stored on your device.
7. Avoid entering passwords for your accounts in public places.
8. Set up automatic screen lock when non-use.
9. Take a backup of your data periodically.

Securing your Bank Account 
1. Use strong and unique passwords for your online banking accounts, and avoid using the same password for multiple accounts.
2. Keep your login information, such as username and password confidential and avoid sharing it with anyone.
3. Monitor your account regularly to detect any suspicious activities, transfers you didn’t make, and report any suspicious activity to the bank immediately.
4. Activate the two-factor authentication feature for your online and mobile banking accounts, which adds an extra layer of security to your account.
5. Use a secure internet connection to access your online banking accounts, and avoid connecting to the internet via open Wi-Fi networks.
6. be wary of fraudulent links you receive via email that ask you to disclose confidential or bank information. Arab National Bank will not ask you to disclose any personal data via e-mail.

Card Protection 
1-do not leave your credit card unattended, and be sure to store it in a safe place.
2-Avoid sharing your credit card details with anyone. 
3-Be careful with your online banking transactions. And avoid browsing sites that start with HTTP instead of HTTPS .
4-review your purchase transactions that have been made continuously to check for any unauthorized activities.
5-avoid sharing your credit card information via email or phone.
6-Be wary of phishing emails, and avoid clicking on any suspicious links or disclosing any personal information.

Secure Internet Banking 
1.    avoid logging into your bank accounts through public devices.
2.    Be careful of connecting to public Wi-Fi networks to log into your bank accounts.
3.    be sure to update your browser version.
4.    set a strong password for your bank account and be sure to change the password regularly.
5.    activate the two-factor authentication feature for your online banking accounts.
6.    do not open suspicious emails that ask you to update your bank card data or ask you to disclose sensitive data.
7.    use antivirus programs on your devices and be sure to update them constantly. 
8.    check your bank accounts and financial transactions made from your account, inform Arab National Bank immediately if you notice any unusual activity.

How to Reporting Cyber Incidents?
If you suspect any hacking attempts or security threats related to your bank account, or suspect that you have been subjected to a fraud attempt and disclosed confidential data, do not hesitate to report immediately by calling the dedicated toll-free number 8001160060)).