Dear Customer,

Habib Bank AG Zurich, as well as all subsidiaries of the Bank, irrespective of whether the Bank wholly owns subsidiaries, or has a majority ownership interest in them, wherever located, are committed to protecting your account information and transaction details. We have implemented a number of controls and security measures designed to monitor and secure your data.

Please note that Habib Bank AG Zurich will never request you to share confidential information such as your personal data, account number, Internet banking username and/or password, credit card details, etc. via email, text messages, automated phone calls or any social website including, but not limited to, LinkedIn, Facebook, X etc.

Unfortunately, electronic fraud is growing and criminal elements continue to target consumers. Among the common techniques used by criminals to commit fraud are “phishing” and email hacking.

• Phishing is where a fraudulent email appears to have be sent from Habib Bank AG Zurich. Such scam emails would include links to web pages that would look like the Bank’s website and requests personal information. Such emails are not legitimate and the links mentioned within do not go to genuine Habib Bank AG Zurich web pages and instead may redirect you to “Spear Phishing” websites (please check and confirm the website’s address in your browser’s address bar. Does it look like https://online.habibbank.com/hPLUS? If not, then do not enter any detail over there). Under no circumstances should you provide personal information by responding to fraudulent emails, clicking on any links, or attempting to login.
• Email hacking incidents are on the rise worldwide. This type of fraud may be done after fraudulently obtaining your email ID and account password. Once account password is compromised, emails are intercepted and contents (invoices, payment instructions etc.) are altered and then forwarded to the intended receiver.
• Impersonation is also very common these days and we have come across instances wherein fraudsters contacted our Clients impersonating as the Bank’s Agents using social websites. Please note that the Bank’s representatives will never use any social website to contact its customers. If there is any need for the Bank’s representatives to get in touch with you, the customer, then we will use legitimate and verifiable sources only.

In its continued efforts to further enhance security while logging onto HBZweb, Habib Bank AG Zurich offers its Clients options for adding greater security while logging on to the internet banking platform.

In order to further enhance security while logging onto HBZweb, a new challenge-response- authentication mechanism has been introduced. A dynamically generated 5-digit challenge, embedded in a graphic background, is displayed whenever the HBZweb login screen appears on the user’s browser, which they have to enter in the specified field. In addition to the response-authentication mechanism, the user has to enter his login ID, password and an optional secure key. This prevents automated processes from guessing HBZweb passwords and enhances security.

• Never respond to email requests that ask for any bank details. Please do not reply or click on any links that require you to login to a bank account. Simply delete the email
• Never send your account information via an email system other than the email system within your secure online banking website
• Keep updated software to protect your computer from viruses, spyware or malware
• Verbally verify payment details with your existing or new supplier before forwarding any payment instructions to Habib Bank AG Zurich. This is the only way you can be sure that the payment instruction you have received was sent by your supplier. Please do not seek or rely on email confirmations
• If you have previously replied to a suspicious email and provided personal or sensitive information about your account, please contact your branch immediately
• Make sure the browser shows the address starting with “https://online.habibbank.com/“. Please note the “s” after the “http.” If it does not have an “s,” DO NOT enter any password and contact the Bank immediately. This must be checked even if the HBZweb link is bookmarked as certain viruses can change bookmarks to point to fake websites

General Tips

• To login to your account, always type: www.habibbank.com
• Use the HBZweb option links and buttons to browse through the HBZweb online banking website as using the browser’s navigation buttons (i.e. back, forward and refresh) may log you out of the session
• Do not send any confidential information including account numbers, passwords, PINs, or signed payment instructions via regular email because emails are not encrypted and therefore, subject to being intercepted and read by third-parties
• Please check your monthly financial statements and reports, any discrepancies and/or unusual account activity and get in touch with your branch immediately

Protect Your Password

• Keep your HBZweb password strictly private. Never share your password with anyone including Bank employees and law-enforcement agencies
• Do not use easy passwords such as your name, date of birth etc.
• Use a combination of alphanumeric and special characters including lower-case and upper-case letters
• If you feel that your HBZweb password has been compromised, you must lock your HBZweb account immediately. Attempt to login by inserting an incorrect password three times. HBZweb access will be automatically locked after the third unsuccessful attempt
• Always “logout” from your online banking session when finished and close the browser
• Never leave your computer unattended after you have logged onto HBZweb online banking
• If you access your account from any computer other than your own (e.g. computer at work) be sure the system is private, not shared
• Make sure your browser supports 128-bit SSL encryption
• Keep virus definitions on your computer updated. Always make sure that you have applied all the latest security patches to your browser
• For further security, opt to use HBZsecure Key. For certain options, such as third-party fund transfer and HBZeLocker, the use of HBZsecure Key is mandatory. (Applicable for UAE, UK and HK customers)

For Additional Security Advisory for Habib Bank Zurich (HK) Limited customers, Click here.