Information Security:

The security of your personal information is always a priority at Commercial Bank Of Iraq. We work hard to help ensure your account information stays secure.
The following links will assist you in understanding various current threats and help you to avoid becoming a victim of financial crime.

  • Phishing
  • Pharming
  • Fraudulent Emails
  • Key Loggers and Trojans
  • Identity Theft
  • ATM Type Fraud
  • Reporting of Incident
  • Recommended Security Best Practices

Fraudulent emails are used by criminals to lure you to fake websites, which resemble original websites of financial institutions, and ask you to divulge personal information such as account number, credit card number, PIN number or Security Authentication Key.

The most common type of phishing e-mail purports to be a security message requesting you to validate your personal details or security questions. However, the details you confirm are then sent to the criminals.

Commercial Bank Of Iraq would NEVER request such personal information from you, our customer, in such an e-mail.

How to protect yourself

  • You should never access Commercial Bank Of Iraq’s online banking facility via a link contained in an e-mail.
  • To access Commercial Bank Of Iraq’s online banking facility either type on your web browser or go direct to theCommercial Bank Of Iraq online banking site at and then follow the link. These sites are secure and you will see the padlock symbol displayed on the status bar of your computer.
  • Be very suspicious of any e-mail or phone call received from a business or person that asks for your password, passport number, account or credit card information unless you have initiated the transaction. Similarly, be wary of any communication that sends your personal information and asks you to update or confirm it.
  • Use a unique password or PIN and change it regularly. You should never disclose your password or PIN to anyone – not even to Commercial Bank Of Iraq employees.
  • If you receive any such Phishing report to CBIQ immediately. 


Similar in nature to e-mail phishing, pharming seeks to obtain personal or private (usually financial related) information through domain spoofing. Rather than being spammed with malicious and mischievous e-mail requests for you to visit spoof Web sites which appear legitimate, pharming 'poisons' a DNS server by infusing false information into the DNS server, resulting in a user's request being redirected elsewhere. Your browser, however, will show you are at the correct Web site, which makes pharming a bit more serious and more difficult to detect.

Phishing attempts to scam people one at a time with an e-mail while pharming allows the scammers to target large groups of people at one time through domain spoofing.

How to protect yourself

  • One way to check to see if the site you have been directed to is real is to look for the gold lock icon, (sec ) usually located in the bottom right corner of your browser's screen. If the icon does appear, click on it to verify a secure connection. However, keep in mind that the lock does not "guarantee" security. It is only a temporary security solution as there is no telling when the hackers will be able to perfect this icon to look legitimate.

Fraudulent Emails

With the evolution of e-mail, users have been targeted by global email scams that are intended to collect critical personal and financial information from unsuspecting victims.

  • Illegitimate offers are e-mails that entice users to purchase popular goods or services at reduced prices (or before they're available to the general public), with no intent to deliver those purchases. Usually, these e-mails are designed primarily to obtain credit card or bank account information.
  • Requests for help usually offer a recipient large sums of money or attractive rewards in exchange for "short term" financial assistance. One common example is the “sender” who asks the user to supply a bank account number to "hold" large sums of money until the “sender” can retrieve it. In exchange, the recipient is promised a percentage of the deposit. The “sender” uses the bank account number for fraudulent activity, and the recipient never receives the promised funds.

How to protect yourself

  • Be very suspicious of any e-mail or phone call received from a business or person that asks for your password, passport number, account or credit card information unless you have initiated the transaction.
  • Always be wary of unsolicited emails offering large sums of money.

Key Loggers and Trojans

Key-loggers are software programs that capture a computer user's keystrokes. Such systems are used by hackers to obtain passwords or encryption keys and thus bypassing other security measures.

A Trojan is a program that appears legitimate but performs some illicit activity when it is run. It may be used to locate password information or make the system more vulnerable to future entry or simply destroy programs or data on the hard disk. A Trojan is similar to a virus, except that it does not replicate itself. It stays in the computer doing its damage or allowing somebody from a remote site to take control of the computer. Trojans often sneak in attached to a free game or other utility.

How to protect yourself

  • Never use computers located in public places such as Internet cafes or airport lounges for online banking.
  • Install a Personal Firewall and anti-virus software with latest security patches and anti-virus signatures.
  • Always remember to update your antivirus signature
  • Do not visit suspicious sites. If you suspect that a website is not what it purports to be, leave the site immediately. Do not follow any of the instructions it presents.
  • Monitor your transactions. Review your order confirmations, Credit Card and Bank Statements as soon as you receive them to make sure you are being charged only for transactions that have taken place. Immediately report any irregularities to your bank.

Identity Theft

Identity theft happens when a criminal obtains your personal information to steal money from your accounts, open new credit cards, apply for loans, rent apartments and commit other crimes — all using your identity. These acts can damage your credit, leave you with unwanted bills and cause you countless hours and frustration to clear your good name.

How to protect yourself

  • If you're a victim of identity theft or account fraud, you should contact Commercial Bank Of Iraq.

ATM Type Fraud

ATMs have simplified personal cash management and allow withdrawal of cash outside of banking hours. However, the frequency of ATM frauds has also increased.

Different types of fraud: 

Card Skimming
Criminals install devices on ATMs to obtain/skim the card account details and record the PIN number entered by the customer. This information is then used to make unlawful cash withdrawals with counterfeit cards.

Shoulder surfing
Criminals pretend to help unsuspecting customers at the ATM, but in reality are memorizing the PIN number.

‘Operational Cash’ Departments
In tourist destinations where there are few banks and ATMs criminals approach tourists and offer their services in directing them to local merchants who will utilize their point of sale device to issue cash (‘operational cash’ departments). The merchant then skims the card account details and uses a fake PIN entry device to obtain the card holders' PIN. This information is then used to make unlawful cash withdrawals with counterfeit cards.

How to protect yourself

  • Be especially cautious when strangers offer to help you at an ATM, or if you notice any suspicious activity at or around the ATM area.
  • Use ATM locations that you are familiar with so any changes will be more apparent; for example, a false attachment on the front of the machine.
  • Ensure that other individuals at the ATM queue keep an acceptable distance from you. Be on the look-out for individuals who might be watching you enter your PIN.
  • Stand close to the ATM and shield the keypad with your hand when keying in your PIN.
  • If you feel the ATM is not working normally, press the Cancel key and withdraw your card and then proceed to another ATM, reporting the matter to the bank.
  • Keep your printed transaction record so that you can compare your ATM receipts to your monthly statement.
  • If your card gets jammed, retained, or lost, or if you are interfered with at an ATM, report this immediately to the bank.
  • Do not be in a hurry during the transaction and carefully secure your card and cash in your wallet, handbag or pocket before leaving the ATM.
  • Memorize your PIN (if you must write it down, do so in a disguised manner and never carry it with your card).
  • NEVER disclose your PIN to anyone, whether to a family member, bank staff or police.
  • Use unique PIN numbers and never use numbers like your date of birth, or the last four digits of your phone number. Change your PIN periodically, and if you think it may have been compromised, change it immediately.
  • Preferably only use AUB ATMs systems since they are equipped with anti-card skimming devices.
  • If you suspect or identify any of the above please contact Commercial Bank Of Iraq.


Security Best Practices you should follow

  • Ensure that your browser is up to date and security patches applied.
  • Always install the latest operating system patches and Service Packs.
  • Always use anti-virus software. Keep your anti-virus software up-to-date. The following are few of the antivirus software


  • Zone Alarm
  • Symantec – Norton Personal Firewall
  • McAfee
  • Use Anti-Spyware software. The following are few of the programs that detect and eliminate spyware from your PC.
  • Lavasoft’s Ad-aware
  • PepiMK’s Spybot Search and Destroy