• You should use a licensed operating system, actively supported by the manufacturer.
• For work-related purposes you should use a PC, which is under your control and you should avoid public computers in Internet clubs, libraries, offices or others, for which you are not sure whether they provide secure and reliable Internet access, wireless networks included.
• Please, install only licensed software on the computer you use for online banking. You should maintain and update on a regular basis the systemic and application software, used by you.
• You should protect your computer with a personal firewall and keep it up-to-date.
• Please, avoid using the operating system with administrator rights.
• Do not leave your computer unattended while using UBB Online.
• Access to the UBB Online service requires a permanent (static) IP address for the duration of the banking session.
• You should turn off the browser options for automatic remembering of user names and passwords.

• Please, check the indications for security of the connection with the online banking webpage:
  • the webpage address should start with https, the full address being https://ebb.ubb.bg;
  • in the address bar or in the browser status bar you should see a locked padlock icon;
  • UBB's online banking page has been certified by GeoTrust, to check that, please, click on the locked padlock icon and choose "View certificates" option;
  • in status bar you must see that you are working in Trusted site zone (about Internet Explorer) if you have made browser settings.
• Always exit UBB Online with the "Exit" button before closing the browser.
• Please, check the system login information (date, time, IP address) from the Profile>>UBB Online Log info.
• Please, save your digital certificate on an external storage medium and not in your PC, as well as enter a transport password to protect its copy. Upon using the certificate on another computer, you should always delete it afterwards from the browser and you should also delete the file from which the certificate has been installed. Please, always install your certificate with the "copy" function turned off and use a master password (in terms of Mozilla Firefox).
• For additional protection, upon access to effecting payments in UBB Online, you should mandatory use one of the following work modes through a:
  • One-time password, received as an SMS
  • One-time password, generated by a hardware device, property of UBB, or by a mobile application for iOS and Android operation systems
• If you use a dynamic SMS password to access UBB Online, please, always check whether the site's validity code #XXX, displayed on your PC screen, corresponds to the 3-digit code, sent along with the one-time login password for active banking. If no code is displayed on your PC screen or upon discrepancy, please, close the application and do not make another system login attempt, prior to contacting the Bank for verification.

  Validation with SMS

  If you don't receive a temporary password to access active operations on your mobile phone, please get in touch with UBB Call Centre on telephone 0700 117 17 to specify a current mobile phone number.

  SMS verification

  Enter password #3297

  Confirm
• Upon using a dynamic SMS password, please, always read carefully your message. If you receive a password to confirm a payment that has not been ordered by you, please, do not enter this password anywhere, close the online banking application and contact the Bank.
• If while attempting to open the UBB Online site you come across unusual pages, asking you to either change your login password, requesting other information, or the entering of one-time passwords, please, do not confide, close the page and contact the Bank immediately.

• You should pay special attention to opening links from unknown senders or URL addresses, sent as unsolicited bulk email (UBE).
• Please, do not accept unrequested files, sent to you by unfamiliar contacts, while using instant messaging software.
• You should never allow your browser to remember your user name and password for access to a certain site.
• Please, be especially careful when in a web site or with an e-mail you are requested to provide:
  • Personal data, Personal ID Number;
  • User names and passwords;
  • Bank account numbers;
  • Debit/credit cards numbers.

UBB will never request such type of information via an e-mail or in the Internet

• You should neither fill in such forms in unfamiliar sites, nor answer similar e-mail messages.
• When downloading files from the Internet and before using them you should, firstly, save them in the hard disk and then scan those with the anti-virus software.
• You should neither open e-mails from unknown senders, nor their attachments. Many viruses could be attached to an e-mail message and spread upon opening the attached file (viruses can be installed even via files in Word format). To play it safe, please, do not open attached files unless these are messages you expect.
• Your awareness of the techniques for phishing personal data, certification instruments and sensitive financial information is of utmost importance for your information security. To this end, please, find below a description of the most popular techniques:

  • 

    Phishing

    Online phishing aims at provoking the disclosure of personal or financial information, requested via an email or a web site. Most commonly the fraud unfolds with an email which resembles an official message from a trustworthy source, for example - a bank or a credit card company. The message may seem legitimate and may contain the institution's trade mark, while the email address may resemble that of the company on whose behalf the message is being sent. A link in the email routes recipients to a fake web site where they are incited to provide confidential information, for example a name and password for access to online banking, bank card number, CVV\CVC code etc. Subsequently, this information may be used for identity theft, entailing financial fraud and damage. Dear clients, please, DO NOT PROVIDE via Internet or telephone any confidential information, related to your online banking access or your bank card. This information is not needed by the Bank and under no circumstances will it be requested from you. In order to protect yourself from such fraud types you should pay attention to the sender's email address. We recommend that you should install anti-phishing filters to the browser, used by you.

  • 

    Farming

    This method also uses fake websites, however, no e-mail messages are sent. Farming is done by redirecting traffic from a particular web site to another one, which is a fake copy and aims at theft of secret information such as usernames, passwords, etc. Probably the user will be unaware of the fraud because he/she has typed single-handedly the website's address. Upon change of the "hosts" file in the victim's computer the malware could modify the file, thus stealing valuable information from the victim. To ensure a shield from such kind of attacks you should comply with the PC protection rules, described herein.

  • 

    Voice phishing (Vishing)

    This is a version of the phishing method where the emails contain a phone number and the users are recommended to call this number in order to confirm their user identifiers, or other confidential information. The email may also conceal a virus through which the fraudster may infect the victim's computer and obtain access to the data, including bank certificates.

• The home page of your web browser has been changed unexpectedly and you cannot restore the initial one, set by you.
• When browsing on the Internet you constantly come across unexpected popping windows.

Upon a suspicion for an unauthorized access on your behalf to UBB Online you should immediately inform UBB at phone, Email: u-online@ubb.bg or notify the closest branch of the bank.