Information Security Awareness
Information is a critical asset for HBL. We recognize that information assets must be protected from unauthorized use, disclosure, modification, damage and loss because it has a significant impact on the delivery of services.
The security threat landscape changes constantly, with malicious hackers developing new ways to compromise your systems. It is important to keep your information safe from strangers/criminals who could potentially harm your financial well-being and reputation. Enhancing information security awareness will defend against some of the most common types of attacks.
Phishing is an illegal attempt to acquire sensitive information. It is done for malicious reasons by impersonating a trustworthy entity in an electronic communication, where you receive an email from a scam artist attempting to obtain your sensitive information such as your password, National ID Card number, date of birth, credit card information and/or bank account information. You can avoid this type of scam by taking following measures:
Do not respond to emails requesting confidential information
Be cautious when opening attachments, especially executable files
Do not click on any link within an email. Instead, always type www.hblibank.com.pk
to access HBL InternetBanking
Do not call phone numbers within suspicious emails. Instead, call HBL PhoneBanking at 111-111-425 and visit our website www.hbl.com for more details.
Pay close attention to the URL to check if it is bank’s official page starting with ‘https://’ and that the lock icon appears just before the URL.
Vishing & Smishing
Vishing is a telephone call claiming to be from a legitimate company requesting your sensitive information.
Smishing (SMS phishing) is a form of criminal activity using the mode of SMS to mislead the recipient by sending a fake link on SMS which contains some virus.
The objective is to hack the data of your phone or try to acquire personal information such as passwords, date of birth, mother’s maiden name and details by posing as a trustworthy entity. You can protect yourself against these attacks through the following measures:
Be careful while answering unsolicited phone calls. Don’t share any personal or bank’s confidential data with anyone unless you are certain about the person’s authority.
Avoid clicking links within SMS, especially if they are sent from unknown persons. But, be aware that attack messages can appear to come from someone you know, so think before you click.
Don’t respond to text messages that request private or financial information from you.
If you get a message or call that appears to be from your bank, or other entity that you do business with, contact that business directly to determine if they sent you a legitimate request.
If a text message or telephone call is urging you to act or respond quickly, stop and think about it. Remember that criminals use this as tactic to get you to do what they want.
Never reply to a suspicious text message without verifying the source.
Never call a phone number from an unknown texter.
Mobile computing refers to a variety of devices that allow people to access data and information from wherever they are. Information security is especially important for people who work remotely. Following are the precautionary measures for secured mobile computing:
Don’t store sensitive information or passwords on mobile devices including laptop.
Be cautious about working with sensitive information over wireless. Most wireless connections are not encrypted, so your information may be leaked or exposed.
Set devices to “ask” before joining networks so you don’t unknowingly connect to unsecured wireless networks.
Card Skimming is an illegal way of capturing banking card details from the magnetic strip on the back of an ATM and Debit/Credit Card. Look at the ATM Machine carefully before you put your card inside the machine. A few of the warning signs are listed here:
You notice something unusual on the ATM Machine e.g. an attached device
You notice unusual or suspicious transaction on your account or credit card statement
A shop assistant takes your card out of your sight to process your transaction
You are asked to swipe your card through more than one machine
There are various ways to reduce card skimming risks. Few of them are listed below:
Inspect highlighted areas of the ATM for anything unusual
Always use your hand to shield your PIN when entering it
Inspect the front of the ATM for unusual or non-standard appearance like scratches, marks, loose wires, glue or tape residues that could be indicators of tampering.
Touch the keypad, customer card entry slot, and lighting diffusers to check if they are a little loose or are fake overlays.
Report anything that looks unusual immediately to the HBL Phone Banking at 111-111-425 or the nearest branch of HBL
Securing Non-Digital Data
Non-digital data means a physical representation of information including but not limited to photocopies, printed papers, hand written notes and verbal communication, which are not readable on a computer and/or similar devices.
Attackers can also retrieve necessary data from the trash etc. where you dump your expired or blocked Credit/Debit card, statement of accounts, credit card statements, CNIC copy, blocked cheque books etc. Therefore, it is important to dispose off your confidential documents securely so that no one can misuse your confidential data.
You can view Secure Practices - Pakistan Banks' Association (PBA) video here