HCB Security Advisory

Dear Customer,

Habib Canadian Bank (“HCB” or “Bank”) is a subsidiary of Habib Bank AG Zurich (“HBZ”) and operates as a Schedule II Foreign Bank in Canada. HCB is pleased to provide you with HBZweb, our electronic banking platform. We are committed to protecting your account information and transaction details. We have implemented a number of controls and security measures designed to monitor and secure your data.

Please note that neither HCB nor its parent HBZ will ever request you to share confidential information such as your personal data, account number, Internet banking username and/or password, credit card details, etc. via email, text messages, automated phone calls or any social website, including but not limited to LinkedIn, Facebook and Twitter.

Unfortunately, electronic fraud is growing and criminal elements continue targeting consumers. Among the common techniques used by criminals to commit fraud are "phishing" and email hacking.

  • Phishing is where a fraudulent email appears to be sent from HCB or HBZ. This scam email includes a link to a web page that looks like the Bank's site and requests personal information. This is not a legitimate HCB or HBZ email, and the link does not go to a genuine HCB or HBZ web page but instead may redirect you to a “Spear Phishing” website. Please always check and confirm the website's address in your browser's address bar. Does it look like https://sub.habibbank.com/CAN/hPLUS ? If not, then do not enter any details. Under no circumstances should you provide or share your personal information by replying to the fraudulent email, click on any links, or log in to the site you were directed to.
  • Email hacking incidents are on the rise worldwide. This type of fraud is committed after criminals fraudulently obtain your email ID and account password. Once the account password is compromised, emails are intercepted and their contents (invoices, payment instructions etc.) are altered and then forwarded to the intended receiver. Many of our clients have informed us that they have become victims of criminal acts such as altered emails or invoice fraud.
  • Impersonation is also very common these days, and we have come across a few instances wherein fraudsters contacted our clients impersonating a Bank agent or representative using social websites. Please note that the Bank’s representatives will never use any social website to contact its customers. If there is any need for the Bank’s representatives to get in touch with you, we will use only legitimate and verifiable sources.

In our continued efforts to enhance security, we offer our clients options for adding greater security while logging on to HBZweb.

  • The option called "HBZcram" is a revolutionary new challenge-response authentication mechanism (as applicable). HBZcram is a free program which runs on any Java-enabled mobile / PDA device. Please log on to HBZweb and go to the My Profile section to learn more and download HBZcram.
  • In order to further enhance security while logging onto HBZweb, a new challenge-response authentication mechanism has been introduced. A dynamically generated 5-digit challenge, embedded in a graphic background, is displayed whenever the HBZweb login screen appears in the user's browser, and the user has to enter it in the specified field. In addition to the response to this challenge, the user has to enter their login ID, password and an optional secure key. This will prevent automated processes from guessing HBZweb passwords and enhance security.
  • Never respond to email requests that ask for any banking details. Please do not reply or click on any link that requires you to login to a bank account. Simply delete the e-mail.
  • Never send your account information via an email system other than the email system within your secure online banking web site.
  • Keep software that protects your computer from viruses, spyware or malware updated at all times.
  • Verbally verify payment details with your existing or new supplier before forwarding the payment instruction to HCB. This is the only way you can be sure that the payment instruction you have received was sent by your supplier. Please do not seek or rely on email confirmations.
  • If you have previously replied to a suspicious email and provided personal or sensitive information about your account, please contact your branch immediately.
  • Make sure that the location bar on the browser at the login-page shows the address starting with "https://sub.habibbank.com/CAN/hPLUS". Please note the "s" after the "http." If the http does not have an "s" at the end, DO NOT enter login ID or password and contact the bank immediately. This must be checked even if the HBZweb link is bookmarked as certain viruses can change bookmarks to point to fake sites.
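
The address check described above, written out as a strict comparison (an added example, not code from HCB or HBZ). It parses each link the way a browser does and compares scheme, host and path separately instead of judging by appearance; the function names `checkLoginUrl` and `triage` and the sample links are constructed for illustration.

```javascript
// Added example (not HCB/HBZ code): compare a link against the HBZweb
// login address quoted in the advisory, component by component.
const EXPECTED = new URL("https://sub.habibbank.com/CAN/hPLUS");

function checkLoginUrl(candidate) {
  let url;
  try {
    url = new URL(candidate); // same parsing rules a browser applies
  } catch {
    return { ok: false, reason: "not an absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  // Text before an "@" is userinfo, not the site being contacted.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "userinfo before host" };
  }
  // Exact match: a longer name that merely begins with the bank's host fails.
  if (url.hostname !== EXPECTED.hostname) {
    return { ok: false, reason: "host mismatch" };
  }
  if (url.port !== "") {
    return { ok: false, reason: "unexpected port" };
  }
  // Assumption: any path beginning with /CAN/hPLUS is accepted, following
  // the advisory's wording "starting with".
  if (!url.pathname.startsWith(EXPECTED.pathname)) {
    return { ok: false, reason: "path mismatch" };
  }
  return { ok: true, reason: "matches expected login address" };
}

// Check a batch of links, e.g. taken from an email a customer has reported.
function triage(links) {
  return links.map((link) => ({ link, ...checkLoginUrl(link) }));
}

// Constructed sample links; the .example hosts are placeholders.
const SAMPLE_LINKS = [
  "https://sub.habibbank.com/CAN/hPLUS",
  "http://sub.habibbank.com/CAN/hPLUS",
  "https://sub.habibbank.com.login.example/CAN/hPLUS",
  "https://sub.habibbank.com@login.example/CAN/hPLUS",
];

for (const r of triage(SAMPLE_LINKS)) {
  console.log(r.ok ? "OK    " : "REJECT", r.link, "-", r.reason);
}
```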

General Tips

  • To log in to your account, always type: www.habibcanadian.com
  • Use the HBZweb option links and buttons to browse through the HBZweb online banking site as using the browser's navigation buttons (i.e. back, forward and refresh) may log you out of the session.
  • Do not send any confidential information, including account numbers, passwords, PINs or signed payment instructions, via regular email, because emails are not encrypted and are therefore subject to being intercepted and read by third parties.
  • Please check your monthly financial statements and report any discrepancies and/or unusual account activity and get in touch with your branch immediately.

Protect your password

  • Keep your HBZweb password strictly private. Never share your password with anyone including Bank employees and law enforcement agencies.
  • Do not use easy passwords such as your name, date of birth, etc.
  • Use a combination of alphanumeric and special characters, including lower case and upper case letters.
  • If you feel that your HBZweb password has been compromised, you must lock your HBZweb account immediately. Attempt to log in by entering an incorrect password three times. HBZweb access will be automatically locked after the third unsuccessful attempt.
  • Always "log-out" from your online banking session when finished and close the browser.
  • Never leave your computer unattended after you have logged onto HBZweb online banking.
  • If you access your account from any computer other than your own (e.g. a computer at work), be sure the system is private, not shared.
  • Make sure your browser supports 128-bit SSL encryption.
  • Keep virus definitions on your computer updated. Always make sure that you have applied all the latest security patches to your browser.