Cautionary Measures Against Internet Fraud (Phishing)
Leumi, like many financial bodies throughout the world, is a target for attempts at fraud by hostile agents. These agents operate via sophisticated methods with the aim of accumulating customer information for the purpose of accessing other accounts. One method is to send emails or text messages, which contain links to fake websites. This threat requires adopting precautions, both by the bank and by the customer alike.
Following is a list of rules and recommendations that will help you protect your identification data when surfing the Leumi websites:
It is recommended to directly type in the Bank’s website address (URL) and not enter the site through links, or through emails received from an unknown or unreliable source.
Under no circumstance should you send the following identification information via email: (user name, password, account number, credit card number etc.), to anyone, even if they identify themselves as Bank Leumi or associated with Bank Leumi.
Before accessing a link to enter your account, which appears in an email/text message which was sent by Leumi, you should check
That the personal identifying word chosen by you appears, in the subject field or in the body of the message.
In an email – the presence of the Bank’s digital signature must appear. This signature ensures that the email was in fact sent by the Bank and was not changed by any entity along the way (guidelines for checking the digital signature).
Each time you enter the website through a link appearing in an email or text message, you should check that you have in fact reached Bank Leumi’s internet website (see paragraph “verification of Leumi’s internet website” in the Instructions for Browsing Through your Leumi Account section), because in fraud activities a false website is frequently used, that looks like an exact copy of the official Bank website. If you received a suspicious message, do not click on the link appearing in it and immediately notify the technical support call center and send a copy of the message to email@example.com.
Signs of Frauduelnt Messages:
Messages which clearly request that the identification data be sent by email/text message.
Messages that have a tone of urgency, pressing you to provide or update your details registered in the Bank (by email, SMS or supposedly through the Bank’s website), with the threat of interruption of the service if the request is not answered.
Messages that have spelling mistakes (these mistakes help the message to bypass the content filtering mechanisms usually used by large companies).
When first accessing the website you should ensure that the overall structure and its external appearance are in fact familiar to you. Pay attention to the language used by the website: if you are used to accessing your account through a screen with instructions in Hebrew, avoid entering your details in a screen written in another language.
In the browsers Firefox 3.5, Safari 3.2, Opera 9.5, Google Chrome, Internet Explorer 7, Internet Explorer 8, Mozilla (and including more advanced versions of these browsers), when the internet website is suspected of being a false one, or is known to be a false one, the address will appear on a red or yellow background, and a warning will appear alongside it.
A website known to be false – colored red
A suspicious web site – colored yellow
If you accessed a website as said and entered your identifying data, you should immediately enter your account through the official Leumi website, change the password immediately and check the last transactions performed since the data was entered. In addition, it is recommended that you contact the branch and change your user name.
Pay particular attention: During entering/removing your Leumi identifying details (including passwords) you should validate that those websites included are actually official Leumi’s websites.
For additional online security information, click on the links below: