Cyber security

Passwords and online banking/app

  • Never disclose the password to your online banking account by phone or e-mail.
  • Do not enter your password on any website other than Arion Bank Online Banking (https://netbanki.arionbanki.is/).
  • Choose a password which is not easy to guess and which includes both upper case and lower case letters, numbers and symbols.
  • Avoid accessing your online bank account on public computers.
  • Never disclose security information such as account number, PIN number or security code.
  • If unusual pop-up windows appear or if the computer is unusually slow, we recommend that you take it to an expert to see if it is infected with a virus.
  • Report unusual transactions in online banking or the app to the Bank immediately.

E-mail from Arion Bank

  • We will never ask you to respond to an e-mail to confirm personal or security related information.
  • We will never ask you to provide information such as passport number, credit card number, CVV/CVC code or expiry date.

Secure banking with smart devices

  • Do not store your user name, password or account security code on a smart device.
  • Do not make changes to your smart device which might compromise its defences, e.g. by installing unauthorized changes to the manufacturer’s operating system.
  • Avoid sharing devices with other people and always use your own device to log in to your online banking account or the app.
  • Do not put down your smart device while you are still logged into your online banking account or the app.
  • Always log out of your online banking account or close the app when you are no longer using it.
  • When you sell your smart device or stop using it, always delete all data from it in accordance with the manufacturer’s instructions.
  • Do not conduct any banking over wireless networks in public areas, e.g. in public areas of hotels and cafés.
  • Only use wireless networks which are protected with WPA (Wi-Fi Protected Access).
  • Use the browser which comes with your smart device or a browser from a recognized manufacturer which was downloaded from the manufacturer’s store, e.g. Apple Store.
  • Do not install any programs on your smart device unless they are obtained from the manufacturer’s store, and read the program’s access permissions before installation.
  • Regularly update the software of the smart device, both the operating system and apps, particularly security updates.

Exercise caution when on the phone

If you receive a suspicious phone call from someone claiming to work at your bank you can do the following:

  • Write down or save the number called from.
  • Ask the caller to identify themselves and to say where they work before continuing. You could ask which department they work in and what their cost centre number is.
  • Ask the person how they got your phone number and where they got the information on your accounts.
  • Ask the caller to call back if the sound quality is poor.
  • Never provide the caller with any personal information such as user name, password or security code.
  • Do not hesitate to end the phone call if you are uncomfortable with the situation.
  • Please notify the Bank of all such phone calls, for example by sending an e-mail to oryggisstjori@arionbanki.is.

Internet scams have become much more common, which makes cybersecurity even more important in order to protect individuals and companies. Two types of scams have been particularly common recently: business e-mail compromise (BEC) and phishing.

Business e-mail compromise

Business e-mail compromise involves the scammer sending fake e-mails to employees of a company, often in the name of a manager, with false instructions to make a payment. Scammers are often well prepared and the fake instructions are often very convincing.

Examples of business e-mail compromise

1. Preparation

Scammers often prepare their scams carefully. They find out when changes occur at the company, e.g. when a manager is going on holiday.

2. Fake e-mail sent

Scammers send a fake e-mail in the name of the manager to an employee containing instructions to carry out a transaction ASAP.

3. Employee is put under pressure to act

The scammer sends another e-mail in the name of the manager and states that they cannot be contacted to confirm the transaction as they are on holiday.

4. Transaction is carried out

The employee gives in to the pressure and transfers funds into an account owned by the scammer.

How to prevent BEC

It is important that companies and people take appropriate measures to reduce the likelihood of scams, both by providing instruction and ensuring that secure procedures are in place. Here are six tips to help combat BEC:

  • Train employees to recognize the signs and risks of BEC.
  • Check the details of the instructions, such as e-mail, full name and payment information, and check whether other people have received a similar mail.
  • Do not give in to pressure and be aware that repeated mails are designed to make employees make mistakes.
  • Confirming payment requests by phone is an important component of a secure working procedure; it is reiterated that e-mail is not a secure means of communication.
  • Any changes to the payment information of suppliers should be confirmed by phone call, without exception.
  • Ensure that there is a procedure for accepting payment and that rules of procedure are updated and complied with.
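
One way to turn the checks in this list into an automated screen that runs before a payment is released, as an added example that is not Arion Bank's own tooling. The staff directory, supplier account register, pressure-phrase list and sample message are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed reference data: who may instruct payments, and supplier accounts on file.
KNOWN_SENDERS = {"anna jonsdottir": "anna.jonsdottir@example-company.test"}
SUPPLIER_ACCOUNTS = {"Nordic Parts ehf.": "IS00 0000 0000 0000 0000 0001"}
PRESSURE_PHRASES = ("asap", "urgent", "immediately", "cannot be contacted", "on holiday")

def screen_payment_request(raw_email, supplier, requested_account):
    """Return the BEC warning signs found in one payment instruction."""
    msg = message_from_string(raw_email)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    body = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    findings = []

    # Check the e-mail against the full name: a manager's name on an unknown address.
    expected = KNOWN_SENDERS.get(name.strip().lower())
    if expected is None:
        findings.append("sender name not in directory")
    elif addr.lower() != expected:
        findings.append("address does not match name")
    # Replies routed somewhere other than the visible sender.
    if reply_to and reply_to.lower() != addr.lower():
        findings.append("reply-to differs from sender")
    # Pressure to act fast or to skip confirmation.
    hits = [p for p in PRESSURE_PHRASES if p in body]
    if hits:
        findings.append("pressure language: " + ", ".join(hits))
    # Changed supplier payment details always need phone confirmation.
    if SUPPLIER_ACCOUNTS.get(supplier) != requested_account:
        findings.append("payment details differ from record")
    return findings

def decision(findings):
    return "HOLD: confirm by phone" if findings else "proceed under normal procedure"

# Constructed sample following the four-step scenario above (note the look-alike domain).
SAMPLE = """From: Anna Jonsdottir <anna.jonsdottir@examp1e-company.test>
Reply-To: payments@mailbox.test
Subject: Transfer needed ASAP

I am on holiday and cannot be contacted. Pay Nordic Parts today.
"""

if __name__ == "__main__":
    result = screen_payment_request(SAMPLE, "Nordic Parts ehf.", "IS00 0000 0000 0000 0000 0999")
    print(decision(result), result)
```

A screen like this only decides which requests are held; the confirmation itself still happens by phone, as the list above requires.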

Phishing

Phishing is when scammers try to trick people by sending messages by e-mail or SMS and trying to persuade them to click on a link, download software or open an attachment. The aim of scammers is to find out information such as user name, password, bank account details, bank account codes, credit card numbers, CVC number and other sensitive information.

Examples of phishing

1. Fake message received

A fake e-mail or SMS is received which appears to be from a reputable company, and the recipient is encouraged to click on a link.

2. Link leads to fake website

The recipient clicks on the link, which leads them to a fake website which initially seems trustworthy.

3. Information is stolen

The fake website asks for sensitive information such as user name, password, security code, card details or CVC number.

4. Information used

By this stage the scammers have got hold of information which they can use to steal money or commit other types of scams.

How to prevent phishing

Phishing methods are constantly changing but normally they are in the form of e-mails or SMS. It is important to recognize the signs of phishing and to make sure measures are in place to prevent people from being tricked. Here are six tips to help combat phishing:

  • Recognize the signs of phishing and be aware that e-mails, websites and SMS messages are often very believable and can contain fake statements, company logos and names of employees.
  • Never share security details with anyone. It is important to remember that banks, institutions and reputable companies never ask for sensitive information such as passwords, security codes or other personal information by e-mail or SMS.
  • Never enter user names or passwords on pages which pop up if you click on a link.
  • It is important to use a two-factor authentication process in places such as webmail, Facebook and other similar sites.
  • It is important to install the latest software and security updates on all equipment, e.g. computers, phones and tablets.
  • It is a good idea to get into the habit of using different passwords for different services.

In the event of internet fraud you should immediately do the following

In the event of any suspicion that the company has suffered a cyberattack or any type of fraud, you could contact the company's bank which will then initiate the appropriate process with the authorities and other banks and seek to stop the fraud and recover the money. It is also important to contact the police directly or via abendingar@lrh.is.

Reports of internet fraud should be sent to Arion Bank at netsvik@arionbanki.is.
