Security Tips

Ways to Secure Online Banking

General Tips

  • Choose strong and unique passwords (8 alphanumeric characters – mixed case letters -special characters- numbers).
  • Enable two-factor authentication.
  • Steer clear of public Wi-Fi.
  • Sign up for banking alerts.
  • Be wary of phishing scams.
  • Back-up your data.
  • Beware of social engineering.
  • Use Anti-Spyware software.
  • Use up-to-date anti-virus software, browser and operating system.
  • Choose trustworthy financial apps (google play store /Apps App Store).
  • Never share confidential information with anyone (Internet banking password, card PIN or OTP).
  • Report frauds and suspicious transaction to the bank immediately.
  • Report immediately to call center in case of stolen or lost bank card.


Phishing is an attack where attackers trick users into clicking harmful links or directing them to a shady website. It can be conducted through text messages, social media, or phone calls, but is primarily focused on emails. Phishing emails can reach millions of users and hide among benign emails. Attacks can install malware, sabotage systems, or steal intellectual property and money. Phishing emails can target organizations of any size and type, either as part of a mass campaign or as the first step in a targeted attack, with the attacker using employee or company information to make their messages more persuasive and realistic.

Email Phishing

Email Phishing

general email spams targeting all individuals

Spear phishing

personalized email spams targeting specific individuals

Whaling and CEO fraud

spear phishing techniques targeting senior executives and other high-profile individuals

Clone phishing

is a legitimate email with an attachment or link is copied and modified to contain malicious content and then sent from a fake address made to look like it’s from the original sender

How to protect yourself

  • ahlibank will NEVER request such personal information from customers, in such e-mails.
  • Never click a link to visit our official websites. Access ahlibank’s online banking facility through secure websites like or Our websites are secured and you will see the padlock symbol displayed on the status bar of your computer.
  • Be cautious of emails or phone calls asking for personal information, and be wary of communication that requests updates or confirmations.
  • Use a unique password or PIN and change it regularly, never disclosing it to anyone, even ahlibank’s employees.
  • Do not reply to | do not click any links in | do not open any attachments in any suspicious email
  • Monitor your transactions, review order confirmations, and report any irregularities to the bank.

Vishing (Voice Phishing)

Vishing is a cyber-attack using voice and telephony technologies to trick individuals into revealing sensitive data, including personal information or business-related details, to unauthorized entities. The attackers spoof the calling phone number to appear as if it is coming from a legitimate bank or institution. In addition, the attackers will pressure targeted users into sending money immediately, either using credit cards, bank transfers, or even gift cards. Ignore calls from unknown numbers

How to protect yourself

  • Never give out private information to someone contacting you through a voice call.
  • Never give any caller sensitive information regardless of where the caller claims to work.
  • Verify with ahlibank official number listed in our website.

Smishing (SMS phishing)

Smishing is a phishing attack that uses text messages from a cell phone or smartphone to deliver a bait message. Victims are often asked to click a link, call a number, or contact an attacker’s email address, potentially providing private information. This difficulty is compounded on mobile devices due to limited URL display. Smishing can be just as effective as email phishing due to fast internet connectivity and unusual phone numbers.

How to protect yourself

  • Don’t click hyperlinks in texts from suspicious or unknown numbers.
  • Be wary, if urged to pay or give out sensitive information pause and verify if the source is legitimate and trustworthy.
  • Never respond to texts from unknown or suspicious numbers – even to tell them to stop.
  • Always keep your phone’s operating system up-to-date to protect against malware hidden in smishing links.
  • Pay attention to social engineering red flags, such as urgent messages or get-rich-quick fixes.
  • Don’t trust texts asking for personal information, especially if they purport to come from real organizations.
  • ahlibank will never text you asking for such personal and account details.

Pharming (Fake Website)

Pharming, a portmanteau of the words “phishing” and “farming”, is an online scam similar to phishing, where a website’s traffic is manipulated, and confidential information is stolen. In essence, it is the criminal act of producing a fake website and then redirecting users to it. pharming is a type of social engineering cyberattack in which criminals redirect internet users trying to reach a specific website to a different fake site. These “spoofed” sites aim to capture a victim’s personally identifiable information (PII) and log-in credentials, such as passwords, social security numbers, account numbers, and so on, or else they attempt to install pharming malware on their computer.

How to protect yourself

  • Only follow links that begin with HTTPS. The “s” stands for “secure” and indicates that the site has a valid security certificate.
  • Check URLs for typos.
  • Scammers use spelling tricks to deceive visitors by replacing or adding letters to domain names; closely examine URLs for typos.
  • Avoid clicking on links or opening attachments in any email or message you are unsure of.
  • Avoid suspicious-looking websites generally.
  • Avoid deals that appear too good to be true.
  • Enable two-factor authentication where possible.

Identity theft

Identity theft involves obtaining someone’s personal or financial information to commit fraud, resulting in unauthorized transactions and purchases. Victims often suffer damage to their credit, finances, and reputation.

How to protect yourself

  • If you’re a victim of identity theft or account fraud, you should our call center +968-24577177

ATM Fraud

ATM fraud is basically the fraudulent activity of gaining illegal access to someone’s ATM card and PIN to withdraw money from their account. Criminals install devices on ATMs to obtain/skim the card account details and record the PIN number entered by customer. This information is then used to make unlawful cash withdrawals with counterfeit cards.

Skimming is a method of obtaining personal data from ATM, debit, or credit cards while they are used at an ATM machine or a merchant location.  Skimming occurs when devices illegally installed on ATMs, point-of-sale (POS) terminals, or fuel pumps capture data or record cardholders’ PINs. Criminals use the data to create fake debit or credit cards and then steal from victims’ accounts.

Shimming is a method used to capture information from chip-enabled cards and are much harder to detect because they are located inside of card readers of ATM or POS.

Cloning refers to making an unauthorized copy of a credit card.

Trapping involves hacking an ATM so that credit cards get stuck inside it. The thief then offers to help the user, asking them to re-enter their PIN so that he/she can memorize it. Then all the thief needs to do once the victim has gone is to retrieve the card from the machine.

Keyboard jamming involves criminals installing devices inside ATMs that prevent users from using key buttons, allowing them to withdraw money. If the transaction fails, the victim leaves frustrated, leading to scammers completing the transaction and stealing the money.

How to protect yourself

  • Check the machine for any attached suspicious or unrecognized devices.
  • Refrain from entering ATMs in desolated areas or without physical security.
  • Check for any hidden cameras.
  • Leave the ATM area if you see suspicious people lingering inside or around the ATM.
  • Be especially cautious when strangers offer to help you at an ATM, or if you notice any suspicious activity at or around the ATM area.
  • Inspect if the card slot is abnormally protruding outwards.
  • Examine if the keypad appears to be usually thicker than usual or damaged.
  • Keep the keypad covered while entering the PIN.
  • Report any suspicious incident immediately to call center.
  • If you come across any suspicious attempts to gather your bank information, don’t hesitate to report it to us at 24577177. Together, we can fight fraud and ensure the safety of your finances.