Security Tips

Don't use personal information
Do not use passwords that can be easily guessed, e.g. Children's names, birth dates, telephone numbers and so forth.

Keep your passwords private
Never write down your passwords nor disclose them to anyone.

Make it difficult
Your password should have a minimum of eight characters, be as meaningless as possible and use uppercase letters, lowercase letters, symbols and numbers i.e. 3Lpn58g4!!.

Change passwords regularly
Change your password at least every 30 days.

Password-protect your computer
Use a password on your computer to prevent unauthorized individuals from accessing your information.
If your password has been used or accessed by anyone contact the NBK Call Center immediately at 1801801 when calling from Kuwait, and by dialing +965 2224 8361 when calling from outside Kuwait

Never use public computers
Avoid using NBK Online Banking or any other internet sites which require the use of passwords at airports, internet cafes, libraries or other public places.

Disable the “autocomplete” function on your browser
The “Aautocomplete” function remembers data you have inputted, sometimes even passwords. The next person to use your computer could potentially gain access to all this information. The “Help” function on your browser will tell you how to do disable the “autocomplete” function. When your computer asks you if you would like “Save this password” you should always reject the offer to save your sensitive banking information.

Review your account statement online carefully and frequently
Make a habit of reviewing your banking information on NBK Online Banking on a regular basis. This is one of the best ways to notice and stop fraudulent activity.

Logging into NBK Online Banking

• Ensure when you log on to NBK Online Banking your connection is secure and always from a trusted computer
• Always log on to NBK Online Banking by entering the website address www.NBK.com into the address bar
• Never access www.nbk.com from a link in an email
• Never leave your computer or phone unattended while you are logged onto NBK Online Banking
• If you are leaving your computer, make sure you log off from NBK Online Banking

Updates and patches
From time to time, vulnerabilities are discovered on systems running on your computer. These weaknesses are regularly exploited by hackers to gain unauthorized access to those computers that have not been patched. Make sure to update your operating system and systems regularly to avoid these vulnerabilities.

Anti-virus software
Download anti-virus software to keep your computer and banking information safe. You may already be using anti-virus software but to be effective, the software should be updated on a regular basis with the latest virus definitions. 

A personal firewall is another program that helps protect your computer from outsiders on the internet. When installed, it stops unauthorized traffic to and from your computer. 

Upgrade your browser now!
There’s nothing worse than being in the middle of a transaction online and finding yourself unable to complete the process half way through. Such interruptions and technical issues can be avoided by simply upgrading your browser!

NBK Online Banking and NBK Salary Portal customers that use Internet Explorer to access these online services will need to ensure to upgrade their Internet Explorer (IE) browsers to IE 9.

This action should be taken by all customers, including NBK Corporate and Business Banking Customers for the best experience across NBK online services.

Phishing
Phishing refers to fraudsters attempts to “fish” for your personal details by using fake emails and claiming to be from NBK and so forth. In these emails, the customer is requested to provide their personal or financial information. Customers are led to believe the request is from NBK or a real company when in fact it is an attempt to collect customer information for the purpose of committing fraud. Once the fraudsters have collected financial information via phishing, they can abuse this information and steal funds from those accounts. They then recruit innocent individuals by placing different ads on the Internet. These recruits are known as “mules.” The bank accounts of the mules will be used to accept money transfers from fraudsters. Mules will be asked to withdraw the money from their accounts and forward it, minus their commission, to the fraudsters. The fraudsters may be able to stay anonymous but there is a trail to the phishing mules which can be followed by the authorities.

Be very careful about job offers which involve the acceptance and release of funds to a bank account in return for commission. Mules recruited by phishing fraudsters are money laundering and are likely to face criminal prosecution.
If you receive an email requesting you to re-register or re-enter sensitive details, delete it immediately and contact NBK on 1801801.

Viruses and worms
A computer virus is software that attaches itself to another program to survive and reproduce and can only run if the infected program is running. This can tie up resources such as disk space and memory, causing problems on any computer.
An email virus is the latest type of virus which is transported through email messages and usually attaches itself to all contacts on the victims email address book.

A worm is similar to a virus and infiltrates security holes on your computer. Once a security hole is found, the worm will attempt to replicate itself from computer to computer.

Trojans
A Trojan is a harmful program that can infect your computer. Some Trojans will claim to clean your computer of viruses but instead introduce viruses that make your computer vulnerable to attacks by hackers. 

Some tips on how to avoid Trojans:

• Never open unknown emails or attachments
• Install software from trusted sources only
• Scan your computer on a regular basis
• Use a firewall to monitor traffic to and from your computer while you are connected to the internet
• Install anti-virus software and keep it updated
• Download and install security patches for your operating system as soon as it is available 

Electronic fraud
Refers to email scams from fraudsters to obtain your banking and personal information and here is how it works:

You will receive an email appearing to be from NBK or another legitimate company in or out of Kuwait. The email may claim a number of different things such as: 

• There is a problem with your account
• Ask you to enter a contest to win a prize
• Ask you to subscribe to a service that will provide you with prizes and etc. 

You are then asked to provide your personal and financial information by completing an online form. The form requests a variety of information such as:

• Your credit card numbers 
• Your account number
• Your passport, civil ID number, etc.

Once you provide this information the fraudsters will have the necessary information on you to conduct a fraud.

Spyware and adware
Spyware is a type of software that secretly collects your personal and user information while on the Internet.

Adware is a type of spyware used to track visitors' habits and interests on the Internet. Adware can monitor the types of sites you visit, the articles read or the types banners you click on and so forth. Many times this information is sold to a third party for the purpose of marketing.

You can minimize your chances of downloading spyware onto your computer by:

• Never clicking on banners no matter how enticing they may appear
• Reading the terms and conditions when you install free programs or subscribe to services from the Internet
• Use up-to-date anti-spyware programs on a regular basis to scan your computer

Nowadays, smartphones are becoming increasingly popular and mobile banking platforms have made the banking experience one of the fastest and most convenient options. However, you should always follow the below tips:

• Restrict access to your phone with a password or PIN. Enable auto-lock option
• Keep all applications and Operating System of your phone updated
• Download the official NBK Mobile Banking App from trusted sources (App store or Google Play store)
• Do not click or download the NBK Mobile Banking App from any link received through email
• Do not save confidential information, passwords and PINs on your phone
• Limit the amount of personal details or contact information that you store in your phone
• If you lose your phone, report it immediately to your mobile service provider and the police. Also inform your bank to block your digital channel services
• Ensure to log out from and close your mobile banking app after use
• Do not click or download links received from unsolicited senders through emails or SMS
• Clear your mobile data frequently by deleting text messages from financial institutions, especially before selling, discarding or sharing your device
• Never disclose any personal information (such as account numbers, passwords, or personal information) via text message or social media
• Always use a secure network whenever possible, by ensuring that all internet connections are password protected

​ 

Identify real NBK emails from fraud ones and be the first to know about all our exclusive and special offers catered just for you! All you have to do is add NBK’s email to your safe senders list and know first-hand about our exciting offers.

Add newsletter@digital.nbk.com to your contact list now to join the excitement and benefit from our offers!

SPAM filters and ISPs
Your Internet Service Provider (ISP) or email client may be using spam filters to block emails and this can affect the receipt of emails from NBK.

If you believe this is happening, please consult the help section related to your email program below or contact your ISP directly to see how to reduce or remove the settings that filter or block email. This will ensure that correspondence from NBK will be accepted. 

If you are using Apple Mail:

1. On the toolbar at the top, click on the ‘Mail’ icon.
2. From the dropdown menu select ‘Preferences’, then click ‘Junk Mail’.
3. In the ‘Junk Mail’ pane, under the ‘exempt from junk mail filtering’ section, ensure ‘sender of message is in my contacts’ is checked.
4. Open the email message.
5. Click the dropdown menu on the sender details.

​If you are using Yahoo

1. Open the email message.
2. Click on the ‘Action’ dropdown menu.
3. Click on ‘Add sender to contacts’.
4. The name and email address from email are pre-populated in the Add Contact pop-up. Verify that the information in these fields is correct.
5. Click ‘Save’.

If you are using Google mail

1. Open the email.
2. Click on the ‘More’ in the dropdown menu next to the reply button.
3. Click on ’Add Sender to Contact List’.

If you are using Windows Live / Outlook

1. Click on the 'Settings' icon.
2. Click on 'Options'.
3. Click on 'Safe and blocked senders'.
4. Go on 'Safe Senders' and add our domain (newsletter@digital.nbk.com) to the list.

If you are using Outlook 2010

1. Open the email message.
2. From the dropdown menu select 'Junk'.
3. Select 'Never block sender'.
4. If prompted to confirm, click 'OK'.

If you are using Outlook 2007

1. Open the email message.
2. On the toolbar at the top, click on ’Safe Lists‘, then on ’Add Sender's Domain (newsletter@digital.nbk.com) to Safe Senders List’.

NBK is committed to providing you with a secure online experience – we offer complete confidentiality when it comes to your personal and financial information. We have placed a number of industry standard security measures to make NBK Online Banking a safe and secure online banking service.

NBK Secure Shopping
In an effort to continuously upgrade our services, NBK now offers a secure online shopping service!

If you are constantly worried if your credit card will be affected by fraud from your online purchases, NBK Secure Shopping is here to minimize this fear! NBK Secure Shopping is an online added security layer that protects credit cardholders’ online purchases from fraudulent use of their credit card. Learn more about NBK Secure Shopping.

Encryption and firewalls
Encryption prevents unauthorized users from accessing your account information on NBK Online Banking. NBK uses the highest level of encryption to protect your NBK Online Banking information.

When logging onto NBK Online Banking look for the padlock icon. A closed or locked padlock indicates a secure connection.

Look for: https:// at the beginning of the URL address. The "s" means secure.

Automatic time-out
NBK Online Banking uses a default timeout mechanism of ten minutes. After this time, the system automatically "logs" you off and ends your session. You will then need to log in again to access NBK Online Banking.

Account activation and additional security

• Account activation – To ensure your security and safety online, you will need to activate your account in order to conduct third party transfers, local and international transfers and bill payments online.
• One Time Password for beneficiary creation –Now, creating new beneficiaries or updating them on NBK Online Banking got better by the use of verification code, the most advanced security tool while transferring online.
• SMS notification – You will receive immediate SMS alerts on transfers and beneficiary creation.

• Check the validity of the debit/credit cards you plan to use
• Below is the list of banks you can safely use as identified and approved by NBK Fraud Division Unit
• This list is subject to change
   

• Ensure that you have sufficient credit card limit that covers all your expenses
• Prepaid and credit cards always come in handy when you’re traveling
• It’s also important to have more than one payment method in case of emergencies

Remember to activate the following:

• SMS service – For instant transaction and balance updated notifications on your mobile (if you change your SIM card you will not benefit from this service)
• NBK Mobile Banking app – A handy tool that will provide you with all your transaction details on spot as well as other banking services

• To avoid extra charges, always pay in the local currency of the country you are visiting
• Do not keep all of your credit/debit cards in one place
• Always check the ATM for any suspicious devices; if you notice any, refer to another ATM immediately
• Do not accept any help from strangers
• In case you lose or face any trouble with your credit/and or debit card call us on (+965) 22248361 immediately
• In case your Credit Card was stolen make sure you:
  • Call us Immediately to stop the card
  • Request for a replacement card
  • If you notice any suspicious transactions please ensure to fill out a claim form within a month of the transaction date
  • It is preferred that you report your lost/stolen credit card to the police
• Regularly track your spending’s through NBK Online Banking or NBK Mobile Banking
  • Some transactions only appear when the receipts are received from the merchant.
• To ease your banking experience, you can now reach us on our free numbers if you are visiting the below countries: (Click Here)
  • USA
  • UK
  • Canada
  • France
  • Germany
  • Turkey
  • Italy
  • Spain

• Change your PIN regularly
• Check all your credit and debit card(s) statements
• If you suspect any strange activity on your account, report to NBK immediately 

 When making a deposit, ensure that:

• Cash is only handed over to tellers who will in turn acknowledge the deposit by giving you a stamped and signed receipt
• You keep your copy of all related paperwork for future references
• Deposits made by third parties are immediately confirmed
• That you do a regular review of your account statement for accuracy

Check fraud occurs when a fraudster uses a stolen or counterfeit check to pay for goods and services. 

Some common types of check fraud are described below:

Falsification of a Check

Check forgery occurs after the fraudster intercepts the customer's checkbook. This category consists of the fraudster imitating a signature, changing the amount or replacing the name of the payee using scratching or erasing technique.

Fraudulently Altered Check 

A fraudulently altered check is a genuine check that has been made out by the payer, but a fraudster has altered the check somehow before it was paid in, e.g. by altering the beneficiary/ payee’s name or the amount of the check.

Counterfeit Check

It is about creating a fake check from scratch, whether or not issued from an existing bank. This type of fraud is often the most elaborate form, because it consists of reproducing an identical check in all of its visual aspects: watermark, dimensions, alignment, impression etc.

Key Advice

Always Remember to:

• Keep checks in a secure place
• Do not sign checks in advance
• Ensure no checks are missing, particularly from the middle or towards the back of the checkbook when you get a new checkbook 
• Inform the bank immediately if any check is missing
• Make sure to send checks securely and avoid using window envelopes when sending them in the post
• Don't leave too much blank space in front or after the payee’s name or the amount written in words or numbers and draw lines at the end
• Remember to cross your check by drawing 2 parallel lines whenever applicable on the front to prevent it from being misused
• Settle your bank account regularly and report any unusual transaction
• Beware as there's a chance that money credited to your account from a check could be reclaimed in case the check is stolen or counterfeit and can result in a criminal case
• Try using your bank’s digital banking services when possible instead of issuing checks 
• Ensure cancellation of checks having errors, over-writing and destroy all such spoiled checks
• Notify NBK if you have not received an ordered checkbook
• Register your mobile number for SMS Service in order to receive instant alerts about any transaction on your accounts 

Identity fraud is where a dishonest person will gather your personal details in order to conduct a fraud which will financially hurt you. These fraudsters can obtain your personal information in a number of ways, via telephone scams or on the internet.

The following can be used to assume your identity:

• Your date of birth
• Your address
• Your civil ID number or other identification numbers
• Your mobile phone number
• Your banking information

To protect your identity we recommend the following:

• Immediately report any loss or theft of your important documents such as your civil ID, passport, driver’s license, credit card etc.
• Keep your financial and personal documents in a safe and secure place. NBK safe deposit boxes are available for your use
• Do not keep your ATM PIN number in your wallet
• Never provide personal information on the phone or emails to anyone who calls or emails you

Fraudsters call you using internet by modifying the caller ID to 1801801 and impersonate as NBK staff. They then try to seek your card numbers, PIN, account number, online banking password or other account related information giving various reasons such as updating their system records, etc. to mislead you.

You may also receive a fake call from unknown number stating that you have won a lottery or a cash prize on your card or phone number. The fraudster then will ask for your card number and PIN for confirmation, which then will be used for conducting fraud. The fraudster may also ask you to transfer some amount of money towards processing fee to claim the prize and you will never hear from him thereafter.

Tips to protect yourself from phone fraud:

• Establish the identity and motive of the caller before engaging in further conversation with the unknown caller
• Be wary of any suspicious calls seeking your personal sensitive information
• Do not disclose or reveal any personal sensitive information related to your banking services such as card numbers, PIN or WOL passwords etc. NBK will never ask you for any personal sensitive information
• Always check your account balances and monitor your account statements to identify any unauthorized transactions
• Report any SMS alert received for a transaction not done by you at 1801801 or to +96522248361 if dialing from outside Kuwait 

What do you do if you have fallen victim of a fraud?

Report the incident immediately to NBK by calling 1801801 even if you have already disclosed personal sensitive information relating to your card, account or online banking.

Business Email Compromise (BEC) or Invoice Fraud, as it is called sometimes is a type of payment fraud that involves compromise of legitimate business e-mail or creating lookalike domain name accounts for the purpose of conducting an unauthorized funds transfer.

Fictitious Funds Transfer Requests From Suppliers or Business Partners:

• A fraudster compromises the email of an employee of the target company
• The fraudster monitors emails of the business user, looking for supplier invoices
• The fraudster finds a legitimate invoice and modifies the beneficiary information, such as changing the IBAN / account number to which payment is to be sent
• The fraudster disguises the vendor’s email to submit the modified invoice. It doesn’t require compromising the supplier’s email system, but instead sends the invoice from an email address that is so close to the domain of the vendor, that most people would miss the change; for example, @companyABDC.com instead of @companyABCD.com or example.com into examp1e.com or example.co
• When the company receives payment requests and fake invoices through emails, they would recognize the supplier’s name and services provided. So they would process the invoice and submit a funds transfer request to them for payment

 
Fictitious Funds Transfer Requests From Executive Staff:

Such scams may also involve a fraudster compromising the email account of a Senior Executive (CEO, CFO, etc.) and send a funds transfer request from the compromised email ID to the accounts department staff.

How to Minimize Your Chances of Being a Victim to Fraud:

• Increase awareness amongst your Finance/ Account Departments staff
• Look for the validity of email IDs (spelling and disguised IDs) of the sender requesting the funds transfer
• Always enquire about funds transfer requests to any new beneficiary account information
• Look for change in payment request patterns (out of cycle, different currency, high value) for known suppliers
• Get a telephonic confirmation from the sender of the email who could be your suppliers or company executives, before instructing your bank to transfer the funds
• Protect your company domain or servers by enhancing the security infrastructure

Digital or mobile banking has made the banking experience conveniently accessible from anywhere, making it increasingly popular. As adoption of mobile banking services increases, criminals try to misuse these services: 

• Fraud occurs when fraudsters contact your mobile service provider and request a replacement SIM (SIM swap) usually by impersonation 
• Using your replaced SIM card, they can call your bank and obtain access to your bank account
• Fraudsters can create beneficiaries and fraudulently transfer funds from your account

 
​Tips to Prevent SIM Swap Fraud: 

• Contact your mobile service provider immediately if your mobile phone loses network connectivity unexpectedly
• Contact your mobile service provider immediately if you have not received calls or SMS notifications for sometime 
• Contact your mobile service provider immediately if you receive “SIM not registered” or “SIM replacement” notification on your mobile phone
• Keep track of your online banking transactions and bank statements. In case of discrepancies or irregularities contact your bank
• Register for the SMS Service alert or receive notifications via email regarding any activity in your bank account 

Please beware of investing in fake or worthless shares through fraudulent websites. Such entities lure victims with dishonest techniques to steal money. They may also try to get you to invest in virtual currencies such as Bitcoin or so-called Cryptocurrencies, or unlicensed financial investment activities such as Forex trading. 

• Be careful of any investment opportunity that makes exaggerated earnings claims
• Exercise due diligence in selecting investments and the people with whom you invest — in other words, do your homework before investing your money
• Consult an unbiased third party such as an independent broker or licensed financial advisor before investing

You could be the victim of fraud communication. You might receive an SMS message claiming that your NBK Debit Card is blocked, deactivated, or that your bank account is locked.

You might receive an SMS message with instructions to call a specified number to reactivate your NBK Debit Card or bank account.

During the call, scammers may pretend to be bank staff and ask for your personal information, banking details and One-Time Password (OTP).

Such information allows scammers to make unauthorized transactions from your bank accounts.

What You Can Do:

• Beware of unsolicited messages or calls from persons impersonating as staff from banks. Scammers may use Caller ID spoofing technology to mask their actual phone number and display the bank’s number.
• Do not disclose your banking details such as account username, Personal Identification Number (PIN) or One-Time Password (OTP) to anyone through phone, email or SMS.
• If you receive a suspicious call or message from your bank, hang up and call the hotline published on the bank’s website to verify the authenticity of the request. Do not call the number provided by the caller or sender.

You can contact the NBK Call Center at 1801801 when calling from Kuwait, or +965 2224 8361 when calling from outside Kuwait regarding internet security issues.