Cyber Security Tips in Banking
RESHAM ACHARYA
HEAD IT
Importance of Cyber Security
• Cyber security has become the most challenging issue in the banking and financial sectors.
• Cyber security is considered one of the major risk factors in the banking sector, like operational risk, market risk and credit risk.
• Because of:
  ◦ Rapid digitalization of digital banking
  ◦ Anywhere and anytime banking
  ◦ Rise of various modes of payment
  ◦ The open banking concept is on the rise
  ◦ Office work is moving from manual to digitalized/automated processes
Fundamental terms
• Malware: Malware is short for "malicious software," also known as malicious code or "malcode." It is code or software that is specifically designed to damage, disrupt, steal, or in general inflict some other "bad" or illegitimate action on data, hosts, or networks.
• Phishing: A type of online identity theft. It uses email and fraudulent websites that are designed to steal your personal data or information such as credit card numbers, passwords, account data, or other information.
• Bot: An automated process that interacts with other network services. Bots often automate tasks and provide information or services that would otherwise be conducted by a human being.
• Scam:
• Spyware & Adware:
• Ransomware: Ransomware is a type of malicious software that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid.
• Social Engineering: A non-technical approach hackers use to get sensitive information.
Fundamental terms (continued)
• Virus: A virus is a computer program or software that attaches itself to another software or computer program to harm the computer system. When the program with the virus attached runs, the virus performs some action, such as deleting a file from the computer system. A virus cannot be controlled remotely.
• Worms: A worm is also a computer program like a virus, but it does not modify the program. It replicates itself more and more to slow down the computer system. Worms can be controlled remotely.
• Trojan Horse: A Trojan horse does not replicate itself like viruses and worms. It is a hidden piece of code which steals the user's important information. For example, Trojan horse software observes the e-mail ID and password as they are entered in the web browser for logging in.
How to Protect Yourself from Phishing
• Do not click on links or download attachments from unknown sources.
• Never reply to or forward a mail that is found suspicious.
• Be suspicious of mails even when received from known sources if you are not expecting them.
• Do not provide any personal or financial information (like user name, password, credit/debit card credentials etc.) over email.
• Be wary and cautious of unsolicited emails that demand immediate action.
• Pay attention to the URL of a website. Malicious sites may look identical to a legitimate site, but the URL may use a variation in spelling, such as ‘l’ replaced with the identical-looking ‘1’.
• Always think twice before clicking on any link in an e-mail.
• Check the URL by hovering the mouse pointer over the link provided in the mail; this displays the actual website / URL the link points to.
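An added example (not part of the original slides) that automates the last two URL checks above for an HTML mail body: it compares each link's visible text with its real target, as hovering does, and flags hosts that imitate a trusted domain with look-alike characters. The domain `globalbank.example`, the sample mail and all function names are constructed for illustration; the digit-to-letter table extends the slide's single ‘l’/‘1’ case to a few other common substitutions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"globalbank.example"}        # assumption: placeholder for the bank's real domains
FOLD = str.maketrans("1053", "lose")    # digits folded to the letters they imitate
DOMAIN_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")

def host_of(text):
    """Hostname of a URL or bare domain, or '' when the text is not one."""
    text = text.strip().lower()
    try:
        host = urlsplit(text if "://" in text else "//" + text).hostname or ""
    except ValueError:
        return ""
    return host if DOMAIN_RE.match(host) else ""

def under(host, domain):
    """True when host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def check_link(href, text):
    target, shown, findings = host_of(href), host_of(text), []
    trusted = any(under(target, d) for d in TRUSTED)
    if not trusted and any(under(target.translate(FOLD), d.translate(FOLD)) for d in TRUSTED):
        findings.append("lookalike")      # e.g. '1' standing in for 'l'
    if shown and shown != target:
        findings.append("text-mismatch")  # what hovering over the link would reveal
    return findings

def scan_email(html):
    """Return (href, findings) for every link that raised at least one finding."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return [(h, f) for h, t in parser.links if (f := check_link(h, t))]

# Constructed sample mail body, not taken from a real message.
SAMPLE_HTML = """<p>Dear customer, verify your account immediately:</p>
<a href="https://www.g1obalbank.example/login">https://www.globalbank.example/login</a>
<a href="https://www.globalbank.example/help">Help centre</a>
<a href="http://203.0.113.7/update">www.globalbank.example</a>"""
```

A clean result does not make a link safe; the check only catches the two tricks described above.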
Areas Where We Must Be Alert
• More than 80% of security attacks spread via emails.
• Other means of penetration are:
  ◦ Weak, repeated and permanent passwords
  ◦ Sharing personal info, including user ID and password
  ◦ Removable media
  ◦ Visiting malicious websites
  ◦ Personal information stealing, phishing
  ◦ Weak and repeated passwords
  ◦ Installation/use of unnecessary apps/software
  ◦ Misuse of social media
Internet Security
• Do not blindly click on pop-ups.
• Do not download software that is not approved by the bank.
• Do not upload any data belonging to the bank to the Internet.
• Users are responsible for protecting their Internet account and password.
• Users should ensure that they do not access websites by clicking on links provided in emails or on other websites.
Browser Security
• Do not blindly click on pop-ups.
• Do not download software that is not approved by the bank.
• Do not upload any data belonging to the bank to the Internet.
• Users are responsible for protecting their Internet account and password.
• Users should ensure that they do not access websites by clicking on links provided in emails or on other websites.
Wi-Fi Security
• Don’t enable auto-connect to open Wi-Fi networks.
• Don’t leave broadband connectivity open when it is not being used.
• Don’t connect to unknown Wi-Fi networks at the office or in public places.
• Change the default administrator passwords and user names on your home router too.
Desktop/Laptop Security
• Shut down the desktop when leaving.
• Ensure you have updated anti-virus.
• Scan/check attachments before opening them.
• Do not install any unauthorized software.
• Follow the Clear Desk & Clear Screen policy.
• Do not enable sharing of folders in your C: drive.
• Ensure confidential documents are not kept in the open.
• Use the network drive for your file security.
• Do not place all files on the Desktop.
• Do not allow remote access unless it is verified and recommended.
Password Security
• Use hard-to-guess passwords.
• Do not use the same password for all accounts.
• Do not write passwords anywhere.
• Do not use personal information as a password, e.g. DOB, Name, Mobile No…
• Passwords should be unique from previously used passwords.
• You are responsible for the work carried out under your user ID. It is your digital identity.
• Passwords should be created so that they can be easily remembered.
• Change your password immediately if you have shared it with anyone.
General Security Precautions
• Consider that all privacy starts with the employees.
• Lock your computer and close applications when you leave.
• Sign out of email and applications immediately after use.
• Think before you click.
• Look for the “S” with the padlock in the URL for a secure website.
• Do not use or seek an administrator login.
• Do not choose the Remember Password option.
• Do not use accounts with admin rights.
• Don’t click links from suspicious sources or emails.
• Disable auto-connect.
• Update the browser regularly.
• Do not share office email addresses for personal purposes on websites and social media.
• Avoid pop-ups, unknown emails, and links.
• Talk to your IT department about any suspicious activity you notice.
How to Change Your Email Password in O365
How to Change Your Password in Zimbra
How to Change Your Password in Pumori
Kathmandu. At a time when the coronavirus (COVID-19) pandemic is spreading around the world, groups that pursue their own ends by defrauding others have become active. This group, which looks for easy prey on the internet, has been found to be sending 18 million emails about the coronavirus pandemic to Gmail users every day.

According to information provided by the technology company Google, there has been a flood of ‘phishing attacks’ worldwide during the coronavirus pandemic. ‘Phishing’ is a method of online fraud in which criminals lure users through email and obtain personal information such as passwords and credit card details.

According to Google, it is blocking 100 million such phishing emails every day. Gmail is said to have 1.5 billion users worldwide.

The criminals send Gmail users various kinds of emails. Some of these emails are sent in the name of organisations such as the World Health Organization and urge the recipient to download some software or ask for donations under some pretext. In recent days, cyber criminals have also been trying to take advantage of the names of government bodies.

Google claims that it is blocking 99.9 percent of the emails sent with the intent to defraud by means of artificial intelligence technology. Companies working in cyber security have also said that they are monitoring ‘phishing emails’ sent in the name of the coronavirus.

Scott Helme, a cyber security researcher, told the BBC: ‘The coronavirus issue is very emotional right now. Cyber criminals have understood this. They are confident that users are more likely to click on the link in the email they send.’

Fake websites and mobile apps

Researchers have also found that fake websites and mobile apps have been created in the name of providing information about the coronavirus. One such maliciously built Android app claims to help track the spread of the coronavirus.

In reality, when such an app is downloaded onto a mobile phone, the phone falls victim to ransomware (a program built for the purpose of stealing information). After that, the user is asked for money if they want to restore the phone to its previous state.

Recently the UK agency National Cyber Security Centre and the US Department of Homeland Security issued a joint notice. The notice states: ‘The number of cyber attacks has increased, and criminals are taking advantage of COVID-19 to achieve their aims.’ Source: Online Khabar

Cyber security tips in Banking in Nepal