(a) General Security Tips
- To ensure your Internet Banking sessions are secure, KFH Malaysia recommends that you follow these simple security tips. Some of the most effective things you can do to protect yourself are simple to do. Here are some steps you should take.
- Never divulge or reveal the TAC generated and the serial number of your Security Token.
- Do not let others to keep use or temper with your One Time Password (TAC) Security Token.
- Disconnect from the Internet when not in use
- Do not share or write any of your account number, credit card number, PIN and/or passwords
- Change your passwords on a regular basis.
- Choose strong passwords using a combination of lower & upper case letters, numbers and special characters.
- Sign off and/or Log-out. Don't just close your browser.
- Set a screensaver password
- Log in regularly to monitor your transactions
- Be aware of your computer's vulnerability
- Disable File & Print Sharing
- Don't use the same password to access all sites that require a username and password. If you use a common password across different sites, application or services then use different passwords for different classes of sites with different sensitivities.
- Don't click on a link unless you know where it goes, and get in the habit of cutting and pasting links.
- Shop with reputable dealers and be alert to fake websites:
- Think about whether the site has the "look and feel" of security.
- Use other means, such as the phone, to verify, if necessary.
- Avoid opening, running, installing or using programs or files you have obtained from a person or organisation that you do not know you can trust. Be particularly careful of unsolicited emails containing file attachments.
- Practice online "stranger danger" - if you have not met the person then be careful about trusting them.
- Always assume that a computer that you do not control (eg in airport terminals, cyber cafes or conferences) is unsafe for you to use for sensitive activities such as online banking.
- Never accept links or redirections from other websites or media for the purpose of logging into the KFH Malaysia website.
- Set your Password is not less than 8 digits or 8 alphanumeric characters without repeating any digits or character more than once.
- Don't select the browser option for storing or retaining your Username and Password.
- Check the authenticity of the Bank website by comparing the URL address.
(b) Anti-Virus protection
Run an anti-virus program on your computer on a regular, frequent basis to prevent computer viruses and worms from entering your computer system. Purchase programs that automatically upgrade your virus protection on a regular basis.
Learn about computer infections and be aware of the latest computer threats and other malicious programs designed to damage your computer or steal your personal information.
Don't open e-mail or e-mail attachments from unknown sources. Scan e-mail through your anti-virus software first.
Never double-click on an e-mail attachment that contains an executable file (such as '.exe' '.com' or '.vbs', etc.) unless you have run anti-virus software first. If a file is infected and opened, the virus can damage your hard drive, program files, and e-mail files.
(c) Beware Of Spyware
Spyware is a piece of software inserted in your computer that collects information about you and your Internet traffic. It is stored in your computer (with / without your consent) and typically bundled with free downloads, freeware or shareware programs you download from the Internet. Spyware is similar to a Trojan Horse because it is installed when the user installs another program. Spyware is also considered a form of 'malware' (malicious software) intended to cause harm to your computer and invade your online privacy.
Spyware is the term used to describe programs that run on your computer for the purpose of monitoring and recording the way in which you browse the web and the internet sites you visit. For example, spyware can combine information about your online behaviour with that of many other users in order to generate market research data. This information can be bought and sold by companies interested in improving the way websites are designed and how the internet is used.
Spyware can be used maliciously to gain access to your passwords, PIN, card numbers and Internet browsing history. Adware and spyware may also increase the risk of identity theft as the programs may have the ability to monitor keystrokes, scan files on your hard drive, change your default homepage on your browser, and relay information about your web visits for marketing purposes. They can also slow down your computer by consuming system resources leading to system instability or a crash.
Since most common anti-virus software cannot always scan or remove adware or spyware, special software must run regularly to remove threats and keep malicious programs off your computer.
(d) Personal Firewall
Install firewall software on your home and networked computers to prevent unauthorized individuals from gaining access to your computer system to use files, obtain personal information or to destroy computer data. This is especially important on computers that use a broadband connection to access the Internet (Cable modems or DSL). Since your Internet connection is on when your computer is on, the risk for malicious activity to your computer increases.
A firewall is another small program that helps to protect your computer and its contents from outsiders on the Internet. When properly installed, it stops unauthorised traffic to and from your computer.
Download the latest security patches and operating system updates to your Internet browser as well as the latest anti-spam software.
Do not select the option auto save on browsers for storing or retaining user name and password when logging into online banking
(f) Navigate Safely
Navigate the Internet safely to reduce the likelihood of online fraud.
(g) Avoid fraudulent websites
- Always enter the website address "http://www.kfh.com.my" directly into your browser address bar before you login to ensure that you are on the legitimate website instead of clicking on the link directly. If you suspect a website is fraudulent, leave the site.
- Click log out when you have finished your banking session. Do not just close your browser window.
- Do not follow any of the instructions it may present to you.
- Do update KFH Malaysia when you change your contact details. This will enable us to contact you in a timely manner if we detect unusual transactions.
(h) Software Patches
From time to time, vulnerabilities are discovered in operating systems and internet browsers. Before the publisher can release a security patch to correct these weaknesses, they can be exploited by virus writers and hackers to gain unauthorised access to those computers that have not yet been patched.
To check for patches and updates you should visit the publisher's website, typically in their Download section.
(i) Email Security
Email Do's & Don'ts
- Never respond to or click on a link in a suspicious email.
- Opening or clicking on a link could place a virus on your computer which can later capture your personal information.
- Inspect the logo used in emails and compare it to that used on the legitimate Web site. Look for any discoloration or disfiguration of the logo.
- If you receive an email that warns you that an account will be closed or online access will be terminated unless you reconfirm your billing information, do contact KFH Malaysia using a telephone number or Web site address you know to be genuine.
- Take the time to ask whether this is the type of action KFH Malaysia would ask you to take.
- Avoid sending personal financial information over the Internet unless you are sure you are on a secure site. Look for the padlock icon on your browser's status bar.
- You may also wish to contact your Internet Service Provider for support in blocking emails or subscribing to a spam filter they may offer.
(j) Do Not Use Public Or Shared Computers
You are responsible for keeping your password and/or PIN confidential. You should not use public or shared computers like those in internet cafes, airport terminals or even computers belonging to someone else for Internet Banking, you may be open to harmful or specific software programs housed within these computers, which could capture your personal information.
(k) Protect Yourself Offline
Never give out personal information to anyone on the telephone or from a web site unless you have verified the credibility of the source or have initiated the call, by phone and online. Reputable companies won't ask you for your password, PIN or other personal information through e-mail. KFH Malaysia will never ask you for your password and/or PIN and you should contact KFH Malaysia if you receive unusual email or telephone inquiries for personal information.
Do report lost or stolen cards immediately.
Review your bank statements for unauthorized transactions or withdrawals and notify KFH Malaysia immediately if you suspect any discrepancies on your statement.
(l) Wireless Networks
You should set a password for your wireless point. This will prevent unauthorised users from accessing and using your wireless connection.
Disable broadcasting to your network name (SSID-Service Set Identifier) to prevent casual surfers from detecting and connecting to your wireless network.
You should use encryption on data transmission to protect your wireless network.
You should allow only registered machines for your wireless network. You may also wish to contact your Internet Service Provider for support in blocking emails or subscribing to a spam filter they may offer.
(m) Pop-Up Ads
Pop-ups are unsolicited advertising that appear as a "pop-up" window on your computer. These pop-ups can be created to look like a Bank's request for personal information. You can set your computer preferences to block pop-ups, and you can also request spam-blocking programs from your Internet Service Provider.
(n) Online shopping
Online shopping is becoming more and more popular and convenient but there are issues to consider before you decide to buy goods and services over the internet. While the vast majority of virtual transactions are safe and secure, fake shopping sites are not unknown.
- Enter your card details on secure websites only - these are identified by a padlock or key symbol and a site address that changes from `http' to `https'
- Be careful about providing your account and card details to third parties. If you are at all unsure about buying something from any third party, do not proceed
- Never disclose your card password and/or PIN to any online seller
- Poor grammar or spelling on an email or website may indicate a scam is being attempted
- Remember - there is no guarantee that you will receive any item as displayed or described in an advertisement or from public auction sites
Whether buying or selling, it's always important to know who you are dealing with. And remember - giving your account details to an unknown third party may lead to identity theft.