Glossary of Security Terms

Your password is your key to access Internet Banking. If it is in the hands of someone else, it means that your accounts are also in the hands of someone else.

• In order to log into Internet Banking use only the Internet Banking "Login" button on the address www.qnbfinansbank.com.
• Use the " High Security SMS Password(One-time Password)" that QNB Finansbank Internet Banking has included for your security. A High Security Password that is an one time generated password and is sent to your mobile as an SMS, provides an additional layer of security along with your customer number and password used on login. Also by using the High Security SMS Password for money transfers, you can ensure that transfers are only done with your knowledge.
• Use the Virtual Keyboard, and prevent your password from being captured by keyloggers.
• Do not share password information with others, your password is your security. It is the key to your account.
• Do not use personal information based passwords, and avoid passwords that can easily be guessed like birth dates, age, etc.
• Change your password periodically; regular changes will enhance your security.
• Do not note down your password on your computer or browser or any place that can be seen by others in your place of work, office, etc.
• While you are entering your password on the screen, make sure others do not see what you are typing.
• When you have finished with your transactions on Internet Banking, do not close your page with the close (X) button of your browser but close by clicking the << Log Off>> button.

Attacks coming from the Internet are possible due to the bugs and weaknesses in your software. In order to repair these breaches, software companies offer updates and patches. Through regular updates, you can maintain your security against attacks that seek to establish unauthorized access to your computer by exploiting software weaknesses.

• Update your computer regularly to fix security breaches.
• Visit the address windowsupdate.microsoft.com for Microsoft updates.
• Use licensed software, do not download free software, and do not use pirated software.
• Do not use Internet Banking on shared computers, or in Internet cafes.
• Connect through computers that you are sure are secure.

There are tens of thousands of viruses loose on the Internet; while these viruses can damage your computer or render it useless, they can also steal your personal information. For protection, use Anti-Virus software programs.

• Use licensed Anti-Virus programs.
• While anti-virus programs can detect existing viruses, they may not be able to identify new ones. For this reason, update the licensed Anti-virus program you are using with new patches and versions regularly.
• Do a virus scan on your diskettes, CD-ROMs, USB Drives and e-mails. For detailed information, review the information provided with Symantec-Norton, McAfee, or Sophos products.

A firewall provides protection against attacks from the Internet. You can guard your computer against unwanted attacks and access by using a firewall.

• Follow Firewall instructions for your PC and Internet connection.
• If your modem has a firewall option, use it, otherwise you may choose a software solution (Symantec, Blackice).
• By identifying the connections and access options you do not want, you have the option of preventing connections that might be harmful before they get to your computer. If you have a firewall, utilize its Network Address.

Communicating via e-mail over the Internet is not secure. Click here for secure communication.

• Do not use your passwords for e-mail programs as your Internet Banking password.
• Do not follow the links that come with e-mails, don't enter the information requested from you on pages you access through such links. E-mails from our Bank do not include links to pages that request information from you. Any mail from our Bank will contain links only pages that give you information.
• For e-mails that look like they have been sent from QNB Finansbank but you suspect to be fraud, you can let us know through 444 0 900 QNB Finansbank Telephone Banking which is available 24 hours a day. Do not answer any e-mail asking for your personal information (ID, Internet Banking account, Credit Card, etc.). QNB Finansbank never asks its customers to provide or update their information by e-mail. If you receive an e-mail asking for your personal information, call +90 850 222 0 900 QNB Finansbank Telephone Banking without opening the e-mail.
• Erase e-mails from senders whom you don't know without opening them or downloading anything.
• Do not run a file attached to an e-mail in order to run an application.
• Run a virus scan on the files that come with e-mails, before downloading them.

As Internet usage has increased during the past few years, there has also been an increase in fraud cases as well and new methods have emerged. Click here for methods of online fraud.

• Phishing:

  Phishing is one of the most common and dangerous Internet crimes. These attacks aim to steal the information the individuals or companies use to make their financial transactions. They send an e-mail prepared to look like it is coming from a bank, card company or a financial company, to all e-mail addresses they can get. The e-mail is about updating of customer information or password change and it includes links to pages that look identical to the original company pages. Some customers, without realizing the danger, answer these e-mails providing the requested information. As a result, customer's personal information and passwords are stolen.

  What kind of information is stolen with phishing?

  Credit card and /or debit/ATM card numbers and CVV2

  Passwords and PINs

  Bank Account numbers/Customer numbers

  Online Banking Log-In/Password information

• Advance Payment or "Fraud 419":

  These are e-mails that offer the recipients a generous amount of money in an imploring/requesting fashion if he/she agrees to help transfer immense sums of funds, usually in American Dollars. These funds may be claimed to be company profits, accumulated bribes, unspent government funds or the unclaimed money of a deceased person.

  They are after your bank information. Transfer process usually requires the recipient to make a payment as fee/tax/bribe to complete the transaction. Such payments are stolen.

  A recent tactic has been to take the recipient to a fake bank web site and show an account with tens of millions of dollars so that the recipient is convinced the money is ready for transfer. This money does not exist in reality. It is also common to use the recipient's bank information for other kinds of fraud.

• Lottery Money:

  The recipient is sent a letter or e-mail saying that he/she has won a lottery prize. The recipient is required to reply in order to claim the prize. Then the bank information is requested for transfer. A service fee is also requested. This fee will be stolen if it is sent. It is highly probable that the bank information provided will also be used for other kinds of fraud.

• Virus hoax e-mails:

  Most of the e-mails warning of viruses are false messages sent to create disturbance and disruption.

• Trojans, Key-loggers, and Screen Loggers:

  Viruses known as Trojans are used to remotely control the user's computer. Generally they consist of two modules. While the first module enables the hacker to access the customer's computer and control them, second module creates an open door to make a connection between the hacker and the customer's computer.

  Trojans cannot be installed without the consent of the user. Files with .ini or .exe extension may include a Trojan.

  Key-loggers can basically be defined as small programs that regularly transfer data to another computer without the knowledge of its actual user. Hackers use one of the existing keylogger programs or write a small keylogger program and send it to various computers. After the keylogger does its own installation in the remote computer, usually without being noticed, it starts working and sends the data it records to the hacker periodically. It usually records any keyboard movements and transfers them. Screen Loggers and key-loggers are based on the same logic, but the data sent is not only the keyboard information but also screen shots. With the click of the mouse on the screen, a picture is taken of all of it or a part of it (usually a mouse-centered small rectangle) and sent to a fixed address.

  Hackers can capture customer information for fraudulent using programs such as Trojans, key-loggers, and screen loggers.