MUSCAT, 25 October 2017 – Bank Muscat, the flagship financial services provider in the Sultanate, as part of its 'Let's Do More' vision and commitment to ensure the highest levels of security for banking transactions, has urged customers to follow secure banking tips frequently communicated through various channels. Drawing attention to the dangers of identity theft and financial fraud, the bank asked customers to remain alert to identify fraudulent methods such as phishing, smishing, vishing and social engineering in which gullible victims fall prey to financial loss.
From time to time, individuals receive calls from fraudsters claiming to be officials from the bank or well-known companies, telling them that they have won prizes offering large sums of money. To claim the prize, they are asked to divulge personal bank information like debit / credit card numbers, PINs, mBanking user ID, passwords and one time passwords (OTPs).
Bank Muscat wishes to alert customers on these scams and advise that they must never entertain calls from people they do not know who claim that they have won prizes in competitions or prize draws they have not participated. Bank Muscat never asks customers for this kind of information over phone. The bank cautioned customers that under no circumstance, they should divulge account, card or secure PIN numbers. Any attempt to do so could make people subject to fraud, the bank said urging customers to be cautious and not to share any personal banking information with anyone on phone, email or social media.
Phishing is an attempt to obtain sensitive information such as usernames, passwords, and debit / credit card details, for malicious reasons, by disguising as a trustworthy entity in an electronic communication. Phishing is usually done by sending emails that seem to appear to originate from credible sources, the bank noted.
Of late, fraudsters are targeting to cheat people through Vishing in which scammers contact people over the phone to extract confidential personal information. Sounding an alarm, the bank said that customers should be able to identify a genuine call and vishing in which financial information can be misused. Fraudsters employ vishing to make themselves look like genuine callers such as bank officials or officials in authority and deceive customers to divulge confidential personal bank information.
Smishing is another type of fraud that uses mobile phone text messages to lure victims into calling back on a fraudulent phone number, visiting fraudulent websites or downloading malicious content via phone or web. Fraudsters send SMS intimating people of winning prize money, lottery and job offers, requesting them to share their card or account credentials. Unaware, gullible victims follow instructions to visit a website, call a phone number or download malicious content. Confidential information taken from people is then used to conduct fraudulent transactions from their accounts, causing financial loss.
To protect themselves, customers should never share personal information or financial information via SMS, Whatsapp, phone or email. They should not follow instructions as mentioned in SMS sent from untrusted source and delete such SMS immediately. If customers receive any urgent communication asking for personal information, they should ignore such messages.
For secure mobile and online banking transactions, customers must create strong passwords and change them regularly. They must report a lost or stolen phone immediately to service provider and authorities. If customers are not getting SMS or email alerts for transactions, they must contact the bank. They must be cautious while using Bluetooth or WiFi in public places, as intruders may access confidential data and information. Customers must regularly check account statements to detect any unauthorised transactions.
The bank urged customers never to share mBanking ID, MPIN, OTP, debit / credit card numbers, pins or other confidential information over phone, social networking or internet. They must not transfer funds without due validation of the beneficiary or recipient as funds once transferred cannot be reversed. They must not store sensitive information like credit/debit card details, user ID and password of Internet and mobile banking on phone. They must promptly inform the bank when contact information like mobile number, email ID and contact address change.
To enhance the security of financial transactions in eChannels, the bank requires a One Time Password (OTP) which is received via SMS for mBanking or generated in a hard token for Internet Banking. This OTP is used one time only and is for financial transaction. Never give this OTP to anyone for transaction.
Bank Muscat reiterated that customers should always exercise caution and must never divulge their password or personal identity number (PIN) linked to cards, mobile banking, online banking or any other service either through email or phone or social media. The bank under no circumstance asks for such confidential information.
Generally customers should never respond to suspicious e-mails, automated calls or text messages. Personal information should never be shared on social media sites. Whenever contact details change, the same must be updated with the bank to ensure customers continue to receive transaction alerts.
Bank Muscat is committed to facilitating secure and convenient transactions at all touch points, including branches, ATM/CDM, mobile banking and internet banking. Driven by the latest technology, the bank ensures that transactions on all these channels are highly secure and convenient.