Security awareness

Phishing

A criminal activity using attempts to fraudulently acquire sensitive information, such as usernames, passwords, account details, by masquerading as a trustworthy friend or company entity such as a bank in electronic communication or fake site. Phishing is typically carried out using email or an instant message, and often directs users to give details at a fake website, although phone contact has been used as well.

This is an attack against the identity of a person like you, our client. Oftentimes referred to as ‘identity theft’, the attacker wants to get hold of your personal information, using various techniques e.g. fake websites, fake e-mails etc. What can you do to help us prevent Phishers from taking advantage of you?

•  Watch out for Phishing email scams. Ensure that you are connecting to correct URL for Asyaf Investments i.e. www.AsyafInvestments.com
•  Avoid using “public” computers or network connections, especially when reviewing your financial information, In case you do use a “public” computer or network, when you finish delete personal files, cookies and the Internet cache after use.
•  Protect your laptop and other portable electronic devices from being stolen; enable hard disk encryption and require a password for access.
•  Never give out personal or financial information to anyone in response to a request to update, validate or confirm your account information, unless you have initiated the contact and you know whom you are dealing with.
•  Do not click on the link in chatting rooms or messages or call a phone number provided in suspicious emails even to update your information.
•  Do not reply to emails that look suspicious or are asking for personal information such as your social security number, account number or password.
•  Please note that Asyaf Investments will never send you an email asking you to respond with your personal information.
•  If you have recently responded to an unsolicited email in which you provided any personal information regarding your Asyaf Investments account and you now suspect it may not have been Asyaf Investments , contact us immediately so that we may take steps to protect your account.
•  A client should report any security incident to Asyaf Investments by contacting us at [email protected] or by calling +966114494493. This will enable Asyaf to take appropriate actions to protect you.

Social Engineering

The act of obtaining or attempting to obtain otherwise secured information by ‘conning’ an individual into revealing the secure information. Social engineering is successful because its victims innately want to trust other people and are naturally helpful. The victims of social engineering are tricked into releasing information that they do not realize will be used to attack a computer network. For example, an employee in an enterprise may be tricked into revealing his User ID and Password to someone who is pretending to be someone from IT support team. The social engineer can use that information in conjunction with other information that has been gathered to get closer to finding a way into the enterprise’s network.

Phishing is a type of security attack that relies on social engineering in that it lures the victim into revealing information based on the human tendency to believe in the security of a brand name because they associate the brand name with trustworthiness.

Virus Spyware

This is the most common threat facing us today. Viruses, spyware, Trojans and worms can do varying degrees of damage depending on their type. a client should have up-to-date Antivirus and Anti spyware software installed and enabled on their PC all the time.

Identity Theft

Identity theft is a crime in which someone wrongfully obtains access to your personal information and uses it in a way that involves fraud or deception, usually for economic gain. Unfortunately, most identity theft victims don’t realize they’ve been targeted until the damage has been done; resulting in unknown charges or withdrawals to Asyaf accounts, or calls from collection agencies among other consequences.

Identity theft is the deliberate assumption of another person’s identity, usually to gain access to their finances or frame them for a crime.

Password

Keep your password confidential and change it frequently. We would advise you, for your security, not to use common information such as your birthday, telephone number or a recognizable part of your name as your password.

Client Role (things you should do)

Clients also have a role to ensure their online security. Asyaf recommends that you adhere to the following security guidelines:

•  Keep your Operating System updated with the latest security updates and patches.
•  Enable your Antivirus and Anti Spy software and ensure it is configured to update automatically all the time.
•  Use properly configured Firewall software.
•  Review your Internet security settings in the browser.
•  Do not disclose your personal information and password to anyone including us.
•  Keep your passwords secret. Remember it should never be shared with anyone, even with Asyaf staff.
•  A client should report any security incident to Asyaf Investments by contacting us at [email protected] or by calling +966114494493. This will enable Asyaf to take appropriate actions to protect you.

How to report suspected security incidents?

If you suspect that there has been an unauthorized breach of your account(s), or that an online transaction has taken place that you did not initiate, you should notify Asyaf Investmentsimmediately by contacting us at [email protected] or by calling +966114494493.