Download app

 

Internet Banking Tips

What is Phishing?

One of the most common threats that Banks face today is "Phishing". It is an attempt by fraudster to gather a person's confidential information through email that appears to be sent by the Bank. This email consists of a link that leads the user to a fake website of the bank and encourages the user to enter his user name and password.

How does phishing occur?

Phishing comprises a sequence of steps, wherein the sole purpose of the phisher is to lure a user into giving his/her personal details. A phishing attempt usually comprises of:

  • Setting up a duplicate page of the online banking website of a bank. A generic email is drafted which has the look and feel of an official email from the bank. This mail has the link to the duplicate page in it.
  • This mail is then sent in bulk to multiple users, luring them to go to the duplicate page and enter their banking credentials.
  • Once the user has been lured to the website, he then enters his credentials, which in turn is sent phishers.
  • It should be noted that phishing has evolved significantly over the years. A phisher would use voice, sms and basic social engineering techniques to gather information for his acts.

What is a phishing email?

  • It is very important to note that, the bank will never ask an individual for his details via email or over the phone. Any email or phone call asking for personal banking information should be ignored or deleted as it can be a phishing attempt.
  • A careful study of a phishing mail can let out a telltale sign that the mail is not genuine.

How to differentiate between a phishing website & actual website?

Here is an example of a phishing website and the original website. Here we can identify certain characteristics that will help point out which website is a fake.

PHISHING WEBSITE

qib-internet-banking-phising-website-example



ACTUAL WEBSITE

qib-internet-banking-actual-website-example

How does QIB handles phishing attacks?

  • Qatar Islamic Bank takes all phishing attacks very seriously and liaises with concerned authorities to bring down the phishing website.
  • QIB scrutinizes each fraudulent email that is submitted to them.

Tips to avoid phishing

  • Always remember the address of your Internet Banking website and type it in the browser rather than clicking on any click received via email from someone.
  • Never disclose your banking details such as card number, cvv number to anyone even if they claim that they are from QIB or QCB.
  • Avoid accessing the Internet Banking site from a shared computer. In case it is being used from a shared computer, then change your password immediately after access the website.
  • A click on the 'padlock' icon in your browser will give you the details on the digital certificate being used for securing the site. This is one way of proving the genuineness of a website.
  • In case of data entered on a fraudulent link, one has to immediately change their Internet Banking website and contact the customer care to report the incident.

What do I do if I receive a phishing email?

If you receive an email asking you to update your personal information (internet banking username & password, date of birth etc) under the pretext that you internet banking account is about to expire or for any other reason:

  • DO NOT respond to the email or click on any of the links or attachments in the email
  • Forward the email to infosec@qib.com.qa . Please note that, you will receive an automated response from this email address and also do not include any confidential information such as your username or PIN while forwarding the mail to this address
  • In case of any further assistance, contact the Customer Care immediately @ 4444 8444.