Your security matters. These Security Awareness Guidelines explain common security threats and the simple steps you can take to protect your personal and financial information when using BBAC digital services, ATMs, or when receiving calls, messages, or emails claiming to be from the bank.

Your awareness matters too. Fraudsters constantly evolve their tactics. By staying alert and following these guidelines, you help keep your banking experience secure and trustworthy.

1- PROTECT YOUR PERSONAL & FINANCIAL INFORMATION

Personal and financial information includes:

• Card Details: Card number, PINs, CVV (3-digit code on the back) or expiry dates
• Login Credentials: Usernames or passwords
• Codes: One-time passwords (OTPs) or verification links
•  Account and identity information

The BBAC RULES:

1. BBAC will never ask for your password, PIN or OTP through phone, email, SMS, social media, messaging apps, or any digital channel.
    
2. BBAC will never send attachments, software, or installation links. Be cautious with any you receive, as fraudsters often use them to steal information or install malware.
    
3. Never share your password, PIN or OTP with anyone – not even BBAC staff. If someone pressures you to act urgently or requests your information, treat it as suspicious and verify independently.  

2- RECOGNIZE COMMON SECURITY THREATS

PHISHING

Phishing is when fraudsters impersonate a trusted entity like BBAC or other known contact to trick you into revealing your personal or financial information or clicking a malicious link, which may then be used to authorize fraudulent transactions or gain access to your accounts.

In banking, phishing may involve:

• Fake emails, SMS, WhatsApp messages, or websites that mimic BBAC and trick you into entering login credentials or clicking malicious links designed to steal your information – often by asking you to ‘verify’ your account or create a false sense of urgency.
• Phone calls pretending to be BBAC staff or Customer Care, requesting OTPs or card details.

IDENTITY THEFT

Identity theft occurs when someone unlawfully obtains your personal and financial information to commit fraud or other illegal activities. 

In banking, fraudsters may:

• Open new accounts or loans in your name without your knowledge.
• Carry out unauthorized transactions on your account.
• Make purchases using your stolen card details.
• Damage your credit history through fraudulent activity.

SOCIAL ENGINEERING

Social engineering uses manipulation tactics such as urgency or authority to pressure you into taking unsafe actions.

In banking, fraudsters may:

• Pretend to be BBAC staff or Customer Care, asking for login credentials or OTPs.
• Create urgency with claims like “your account will be blocked unless you act now”.
• Pose as IT support requesting to install software or access to your online banking.
• Exploit trust by impersonating managers or regulators to gain confidential details.
• Ask you to approve actions or share codes.

MALWARE (SPYWARE & VIRUSES)

Malware is a malicious program that can be installed on your device without your knowledge to steal your information or disrupt your activity.

In banking, malware may:

• Capture your login credentials and OTPs.
• Record your keystrokes to steal card details.
• Redirect you to fake banking websites that appear authentic.
• Interrupt or alter transactions while you are logged in.
• Access stored account details or financial documents on your device.

3- AVOID HIGH-RISK ENVIRONMENTS

PUBLIC DEVICES & NETWORKS

Using shared computers and public Wi-Fi networks, such as airports or cafés, increases the risk that your personal and financial information could be intercepted, recorded or misused. These environments are not under your control and may be monitored or compromised by fraudsters.

Risks include:

• Browsers storing your login credentials and browsing history that others can later access.
• Keyloggers or spyware capturing what you type, such as codes and passwords.  
• Fake or insecure Wi-Fi networks intercepting your internet traffic or redirecting you to fraudulent websites.
• Shoulder-surfing - people nearby observing your screen or keyboard to capture personal or financial information.

Whenever possible, avoid accessing banking services on shared or unsecured devices and networks. If you must use them:

• Log out completely when finished.
• Clear your browser’s cache, cookies and browsing history.
• Avoid saving information on the device.

4- HOW TO STAY SECURE

VERIFY COMMUNICATIONS CLAIMING TO BE FROM BBAC

If you receive an unexpected call or message claiming to be from BBAC:

• Do not share personal or financial information.
• Do not click suspicious links or open unexpected attachments.
• Do not be influenced by urgency or threats, and never automatically trust what you are told.
• End suspicious calls and verify the request or message by:
  • Contacting BBAC using official contact details on the bank’s website. (www.bbacbank.com or www.bbacbank.com.iq) or your account statements.
  • Visiting a branch if you prefer in-person verification.

MONITOR YOUR ACCOUNT FOR SUSPICIOUS ACTIVITY

• Enable real-time transaction alerts to stay informed about account activity.
• Regularly review SMS messages, emails, and notifications from BBAC to ensure they are legitimate.
• Check for unfamiliar transactions, duplicate charges, or transactions you do not recognize.

IF YOU SUSPECT FRAUD OF COMPROMISE

• Immediately contact BBAC Customer Care or visit the nearest branch to block your card or access to digital services.
• Change your login passwords and PINs as soon as possible.
• Review recent transactions and report any unauthorized activity.
• Scan your device for malware and ensure it is updated with the latest security protections.
• Avoid using the affected device for banking until it has been secured.

PROTECT YOUR PASSWORDS & AUTHENTICATION

Password Security

• Never share passwords.
• Avoid easily guessed information (birthdays, names, phone numbers).
• Do not reuse passwords across services.
• Use unique, complex and long passwords with at least 12 characters, including numbers, letters, and symbols.
• Change passwords regularly or if you suspect they may be compromised.
• Do not save passwords on shared or public devices.
• Consider using a trusted password manager to store complex passwords securely.

Multi-Factor Authentication (MFA)

• Enable MFA whenever available to add an extra layer of protection by requiring a second verification step, such as a code sent to your phone or biometric factor.

PRACTICE SAFE ONLINE BANKING

Safe Access

• Always access the Bank’s official website by typing www.bbacbank.com  or www.bbacbank.com.iq directly into your browser.
• Confirm the website uses secure connections (https://) before logging in.
• Do not rely on logos alone to verify website authenticity.
• Avoid public computers and unsecured networks whenever possible.

Session Protection

• Always log out after finishing your online banking session, especially on shared devices.
• Do not leave your session unattended.

USE MOBILE BANKING & DIGITAL BANKING APPS SECURELY

• Download BBAC apps only from official app stores (Google Play, Apple App Store).
• Enable biometric login (fingerprint or facial recognition) when available.
• Do not save login credentials or enable auto-fill on shared devices.
• Be cautious with in-app notifications and alerts before acting – BBAC will never request personal or financial information through app notifications.
• Review and limit app permissions to only what is necessary for the app to function.

KEEP YOUR DEVICE AND APPS SECURE

• Keep your device and apps updated.
• Avoid using modified (rooted or jailbroken) devices.
• Enable antivirus and anti-spyware software with automatic updates.
• Avoid clicking links or opening attachments from unknown or suspicious sources.
• Download software only from official application stores or trusted websites. 
• Verify websites are secure and legitimate before entering personal or financial information.
• Back up important data regularly.

5- OTHER SECURITY TIPS

STAY SAFE ON SOCIAL MEDIA

• BBAC will never ask for your personal or financial information through social media.
• Be cautious of fake accounts impersonating BBAC.
• Do not share banking information publicly or in direct messages.
• Verify promotions or announcements directly on www.bbacbank.com or www.bbacbank.com.iq.     

STAY SAFE AT ATMS

• Shield your PIN when entering it.
• Avoid ATMs that look tampered with or suspicious.
• Take your receipt and card immediately after the transaction.
• Report any unusual ATM behavior to BBAC immediately.

PROTECT YOUR CARD

• Ensure the card envelope you receive from the bank is sealed and is free of tampering before accepting it.
• Keep your card details confidential - never share them with anyone.
• Change your PIN regularly, and immediately if you suspect compromise.
• Use your card only on trusted and reputable websites.
• Check that the website has a secure connection (https://) before entering card details.
• Avoid saving card details on shared devices.
• Be cautious of deals, promotions, or offers that seem too good to be true.
• Regularly check your SMS alerts, emails, or app notifications for card activity.
• Monitor your card transactions regularly and report any unfamiliar transactions immediately.

6- REPORT SUSPICIOUS ACTIVITY IMMEDIATELY

If you suspect fraud, believe you have shared information, or notice suspicious activity on your account – such as unrecognized transactions or unauthorized access – please contact our 24/7 Customer Care team immediately:

• Email: customercare@bbac.com.lb 
• Phone:
  • Lebanon: 1296 (from Lebanon) or +961 1 366 921 (from abroad)
  • Iraq: +964-750-515 7575 or +964-772-515 7575  

Reporting quickly helps us protect your account and minimize potential losses.

7- STAY TUNED

BBAC regularly reviews and updates these Security Awareness Guidelines to reflect evolving threats and international best practices. Updates will be published on this page.

Stay safe. Your security matters.