Online Security Threats

Phishing is a form of fraud in which an attacker tries to obtain information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels. For example, an attacker can deceive the target by sending an e-mail message that claims to come from a company or a person already well known to the recipient of the message (the Target). This is done in several ways, most notably:

  • Asking the Target for personal information such as bank accounts, passwords or credit card details.
  • Asking the Target to carry out business actions such as wiring money.
  • Asking the Target to visit a malicious link included in the email.
  • Asking the Target to open attached files that actually contain malicious software. The attacker usually sends such attachments in well-known file formats such as MS Office documents (Word, Excel, etc.), PDF, and compressed files such as Zip files.

How to be protected from phishing:

  • Beware of Emails that ask you to update your personal information or financial information or provide an urgent confirmation even if these Emails come from a known and trusted sender.
  • Beware of clicking any electronic links attached in Emails even if these Emails come from a known sender. These links might be malicious and harmful.
  • Always make sure that the sender is trusted and well known to you, and that you usually receive this type of Email from him/her.

Email and SMS spam is a part of electronic spam in which nearly identical messages are sent to many recipients by email or SMS. The emails and SMS may contain masquerading links that appear to be for well-known websites but actually lead to phishing websites or to sites that host malicious software.

How to be protected from spam:

  • Clients can prevent getting spammed by avoiding unfamiliar emails and keeping their email addresses as private as possible
  • All modern browsers and email clients have built-in facilities to block illegitimate pop-ups and filter spam and phishing traffic. So, make sure that these facilities are activated on your browser. Any spam that gets through the filters should be deleted. Also, you should never reply to, or click links in, suspected spam or phishing emails.

Typo-squatting or cyber-squatting refers to spoof websites that are set up to look exactly the same as the genuine company website. The sites are reached by typing the bank address with a minor typing error. For example, instead of www.icap.com.sa the fraudsters might set up sites at www.iacp.com.sa and rely on customers arriving there through a simple spelling mistake, “iacp” rather than “icap”.

How to be protected from typo-squatting:

  • To avoid being caught by this type of scam you should always type the URL (the website address) into the address bar and check that it is correct before you enter your E-Trading details.

A key logger is malicious software that can record every keystroke you make on your keyboard to a log file. A key logger can record instant messages, e-mail, and any information you type at any time using your keyboard. The log file created by the key logger can then be sent to the attacker. Some key logger programs will also record any e-mail addresses you use and the Web site URLs you visit.

How to be protected from Key-logger:

  • Keep your operating system, software products and Web browsers up-to-date with the latest security patches.
  • Install a good anti-spyware product that protects your devices against key logging malware.
  • Be careful when you use shared computers in public places. Many key loggers are planted in these public computers and devices.

Malware is a category of malicious code that includes viruses, worms, and Trojan horses.

 

Types of Malware:

  1. Trojans

This is malware in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage. The main goal of the Trojan is to obtain your personal details without your knowledge.

 

  2. Virus

This is malware that can change computer operations without the permission or knowledge of the user. This program can also replicate itself and spread over a computer network.

 

  3. Worm

This is malware that reproduces itself so that it can infect other computers. Frequently, it uses a computer network to spread itself, relying on security failures on the target computer, without you being aware that your machine has become infected.

  4. Spyware

This is malware that aims to gather information about a person or organization without their knowledge and that may send such information to another entity without the user’s knowledge. It can spy on how you’re using your computer, for example by tracking the data you enter via your keyboard, taking screenshots or getting a list of running applications.

  5. Ransomware

This is malware that modifies data on your computer so that your computer doesn’t run correctly or you can no longer use specific data. The criminal will only restore your computer’s performance or unblock your data after you have paid the ransom money that they demand.

 

  6. Rootkit

A rootkit is designed to conceal certain objects or activities in your system. Often its main purpose is to prevent malicious programs being detected, in order to extend the period in which the programs can run on an infected computer.

 

Spreading of Malware

Malware is spread in several ways and there are continual and innovative ways that criminals use to get it onto your computer. The most commonly known ways include the following:

  1. Emails

Often, especially recently, malware has been spreading through emails. It may be present in the attachments, or downloaded when you click on a link within the email.

How to be protected:

  • You must be aware and suspicious of attachments or links embedded within the email, even if it is coming from someone you know. Always scan your emails and attachments.
  • If you do not know the sender, then this is a valid reason to never open the attachments or click on a link within the email.

 

  2. Websites

Websites are also common places where malware can be inadvertently downloaded. Visiting a website and accepting the installation of free add-ons or applications might automatically download malware without your knowledge.

How to be protected

Always be suspicious of such requests, especially those known as ActiveX components or strange media players.

 

  3. Pop-ups

Malware is also spread through pop-up advertisements or false Windows pop-up alerts or messages. Such pop-ups look exactly like Windows alert pop-ups and might fool you into believing they are legitimate Windows alerts.

How to be protected

  • You should never click links or images that appear in pop-up messages.
  • Always be cautious of hoax pop-up advertisements, such as those that claim to have scanned your computer and detected malware.

 

  4. Computer storage media

Sharing computer storage media, such as DVDs, CDs, and USB drives, can easily spread malware into your computer.

How to be protected

  • Never insert storage media or USB drives into untrusted computers, such as public computers in airports and business centers.
  • You should always scan files on storage media before copying or opening them.

 

  5. Social networking sites

Social networking sites are becoming a main source of malware by installing malicious third party add-on applications when you inadvertently allow it or when clicking on web links in messages. You must be cautious when accessing these sites, as they give a false sense of security.

How to be protected

  • Only install third party social networking applications that are well known and trusted.
  • Never click links in messages from contacts that you do not know.

 

  6. Mobile devices

Mobile devices, particularly mobile phones, are also becoming sources for spreading malware. As these devices become more powerful, it will certainly lead to the spread of malware.

How to be protected

  • You should never install unverified or unsigned software on your mobile device.
  • Visit the official website of the mobile application's owner to get the official link for downloading the official app. For example, you can visit the Alistithmar Capital website to find the official links to download our official online trading apps.

 

  7. Software

Legitimate-looking software is one of the most common methods of spreading malware. Pirated software, such as that obtained through Torrents, often facilitates the spread of malware.

How to be protected

  • You should never install unlicensed or unapproved software on your computer.
  • You should be suspicious of all free software.
  • Keep your operating system, software products and Web browsers up-to-date with the latest security patches.
  • Install a good anti-spyware product that protects your devices against key logging malware.

Strong Password Tips:

How to create a secure password?
  • Combine upper-case and lower-case letters.
  • Combine letters and numbers (e.g. Dews2s3).
  • Create a unique abbreviation, such as turning Ali Nasser into AiNs24.
  • Things to avoid
    • Don’t use a password that is listed in known password lists and dictionaries.
    • Don’t use a password that contains personal information (name, birth date, etc.)
    • Don’t use words or abbreviations that can be found in a dictionary.
    • Don’t use keyboard patterns (qwer) or sequential numbers (1234).
    • Don’t use repeating characters (11qq).
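The rules above can be turned into an automated check. This is an added example, not part of the original page: the function names, the `personal_info` and `known_passwords` inputs and the four-character run length (taken from the "qwer" and "1234" samples) are assumptions, and the dictionary rule is covered only by whatever list the caller passes in.

```python
import re

KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
DIGIT_RUN = "01234567890"


def has_run(password: str, sequences, length: int = 4) -> bool:
    """True if password contains `length` consecutive characters of any
    sequence, forwards or backwards (e.g. 'qwer', '1234', '4321')."""
    low = password.lower()
    for seq in sequences:
        for s in (seq, seq[::-1]):
            if any(s[i:i + length] in low for i in range(len(s) - length + 1)):
                return True
    return False


def password_problems(password, personal_info=(), known_passwords=()):
    """Return the rules from the list above that the password breaks."""
    low = password.lower()
    problems = []
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("mix upper-case and lower-case letters")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        problems.append("combine letters and numbers")
    if low in {p.lower() for p in known_passwords}:
        problems.append("listed in a known password list")
    # Tokens shorter than 3 characters are ignored to limit false positives.
    if any(len(t) >= 3 and t.lower() in low for t in personal_info):
        problems.append("contains personal information")
    if has_run(password, KEYBOARD_ROWS):
        problems.append("keyboard pattern")
    if has_run(password, (DIGIT_RUN,)):
        problems.append("sequential numbers")
    if re.search(r"(.)\1", password):
        problems.append("repeating characters")
    return problems
```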
How to keep your password secure?
  • Don’t share your password with anyone.
  • Don’t write your password down.
  • Don’t send your password by email.
  • Change your password periodically.
Two-Factor Authentication

Securing your personal information when you use our online trading service is the utmost priority of Alistithmar Capital.

CMA regulations, which are aligned with worldwide best practice, require all brokerage companies to implement additional protection for customers using Internet or channels for E-trading services. This is in response to the increased sophistication of attempts at fraud through electronic means.

Two-factor authentication protects you by providing you with a one-time password (OTP) for every transaction that you perform. Once used, an authorization code is of no further value as it cannot be re-used to authorize any other transaction.

One-time passwords have a very short life and are designed to expire in a few minutes. This again protects you in that an unused code quickly becomes unusable. Moreover, each time an OTP is provided to you, any previously provided code is invalidated even if it has not yet expired.
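The three properties described above (single use, short life, and a new code cancelling the previous one) look like this on the server side. This is an added example, not Alistithmar Capital's implementation: the class and method names, the 180-second lifetime, the six-digit format and the binding of a code to a transaction identifier are assumptions.

```python
import hmac
import secrets
import time

OTP_LIFETIME_SECONDS = 180  # assumption: the text only says "a few minutes"


class OtpIssuer:
    """Keeps at most one live code per user."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._live = {}  # user -> (code, transaction_id, expires_at)

    def issue(self, user: str, transaction_id: str) -> str:
        code = f"{secrets.randbelow(10**6):06d}"
        # Overwriting the entry invalidates any earlier, still-unexpired code.
        expires_at = self._clock() + OTP_LIFETIME_SECONDS
        self._live[user] = (code, transaction_id, expires_at)
        return code

    def verify(self, user: str, transaction_id: str, submitted: str) -> bool:
        entry = self._live.get(user)
        if entry is None:
            return False
        code, bound_tx, expires_at = entry
        if self._clock() >= expires_at:
            del self._live[user]  # an expired code is discarded
            return False
        # Constant-time comparison; the code only authorizes its own transaction.
        ok = bound_tx == transaction_id and hmac.compare_digest(
            code.encode(), submitted.encode())
        if ok:
            del self._live[user]  # single use: a used code has no further value
        return ok
```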

ICAP Tips for Secure Online Trading
  • Don’t store your personal information or access credentials to our e-trading system on your mobile phone, as unauthorized people might access this information if your mobile is lost or stolen.
  • Secure your online identity by maintaining the confidentiality of your financial information, such as investment account and portfolio numbers, and do not disclose or share it with anyone.
  • Ensure the confidentiality of your access information to our online trading systems, such as the username and password. Do not disclose it to anyone, including Alistithmar Capital staff. Alistithmar Capital does not request this information from any client under any circumstance.
  • Select a complex password which is difficult to guess and change it periodically.
  • Update your personal information by visiting branches of Alistithmar Capital or Saudi Investment Bank.
  • Do not disclose any confidential information while writing to Capital Investment through electronic means such as e-mail or any other mode of communication.
  • Make sure you update the operating systems in your personal devices and use trusted software for anti-virus and firewalls and update them periodically.
  • Do not click on any electronic link asking you to update your personal or login information to Alistithmar Capital e-trading systems. Alistithmar Capital does not send any request through Internet links requesting to update any personal or login information.
  • Make sure you are visiting the trusted Alistithmar Capital site by checking that the link at the top of your web browser starts with https://online.alistithmarcapital.com
  • Make sure your connection with Alistithmar Capital is encrypted by looking out for a small padlock symbol in the address bar (or elsewhere in your browser window) and a web address beginning with https://.
  • Do not leave your PC unattended while you are logged in to Alistithmar Capital online trading systems.
  • Make sure you log out when you finish using the online trading systems and close the browser and clear your browsing activities through the browser settings.
  • Do not use public computers or open Internet networks in public places to access online trading systems.
  • Check the SMS notifications you receive from Alistithmar Capital on your mobile phone. If you are suspicious of any notification or SMS, please contact us immediately.
  • Download Alistithmar Capital mobile and desktop applications through the use of links available on the company’s website. It will direct you to the trusted applications on online application stores.
  • Read carefully all the information provided by Alistithmar Capital through its website, including the privacy policy and terms and conditions of online services as well as awareness information of information security to protect your online trading account.
  • In case you encounter any suspicious activity and/or security-related incidents, you should report it immediately to us through our contact information.