Information Security Risk Policy

Overview

At Maha Holding LLC (and across all of its affiliates, including Maha Capital Partners LLC, together Maha), the confidentiality, integrity and availability of data are the cornerstone of our business. Consequently, protecting information security is paramount to us, and we continuously monitor compliance with our industry standards for people, process and technology.

Although Maha uses a variety of security practices and measures to protect client data, you play an important role in protecting against cyber risks, which may include malware attacks, unauthorized access and fraudulent transactions.

Maha may periodically contact clients directly by e-mail and by telephone, but will never solicit transactional matters by telephone (except those strictly permitted by law) and, in any case, will never ask the client to provide electronic banking credentials, bank details or payment details in any manner whatsoever. Moreover, Maha does not solicit business through cold calls or social media in any way or form.

More importantly, no member of the Maha Group shall ever attempt to sell, offer or propose any investment by phone or by e-mail to any natural person, since only MCP may offer investment services to third parties and such investment services may only be provided to “business” customers and “market counterparties”. ANY “RETAIL” CLIENT WHO IS CONTACTED OR BEING SOLICITED IN RELATION TO ANY KIND OR FORM OF INVESTMENT PURPORTED TO BE MADE BY (OR BY ANY PERSON CLAIMING TO BE REPRESENTING OR AUTHORIZED TO ACT ON BEHALF OF) MAHA IS DULY INFORMED AND ADVISED THAT SUCH CLAIM IS LIKELY FRAUDULENT, AND SUCH PERSON MUST REFRAIN FROM ANY ACTION AND MUST FIRST ALWAYS VERIFY THE RELEVANT INFORMATION WITH A DULY AUTHORIZED REPRESENTATIVE OF MAHA BY USING THE CONTACT DETAILS SET OUT WITHIN THIS OFFICIAL WEBSITE.

Please report all relevant emails, documents, and email headers related to suspected cyber security, phishing, brand misuse and fraud related to Maha to [email protected]

COVID-19 Fraud Scams

Due to the general uncertainty surrounding the Coronavirus/COVID-19 pandemic, there is an increase of criminals looking to take advantage of the situation. As a result, you may receive phishing emails, unsolicited calls, text messages or messages on social media regarding Coronavirus/COVID-19 updates or notices purporting to originate from Maha, a member of the Maha Group (including Maha Capital Partners LLC) or governmental agencies such as the World Health Organization (WHO). These criminals will often use emotional pleas, threats or urgency to attempt to pressure you to take an action.

The below scams may not only include misleading information, but may request your personal information such as COVID-19 checks or loans. Oftentimes, these scams may include malicious links or attachments that should not be opened.

  • Government impersonation scams such as fraudulent messages via text, email or social media, claiming to be from the government, tax authorities and regulatory bodies, formal press releases on Coronavirus/COVID-19 or notices coming from the World Health Organization (WHO) with misleading information on school closures, lockdowns, stimulus packages (government backed loans) or travel notices.
  • Potential investment offerings that guarantee unrealistic returns in the current market or investment opportunities on facemasks, test kits, hand-sanitizers or products that falsely claim to prevent, detect or cure Coronavirus/COVID-19.
  • False donations being solicited to fund efforts to address the pandemic by impersonating charitable or government organizations i.e., NHS, CDC, GoFundMe, etc.

Fraudulent Investment solicitations: cryptocurrencies, corporate bonds…

  • Victims receive cold calls from fraudsters who promote shares, property or investment opportunities via phone, email or social media and later send a follow up email with a document attached or a DocuSign link.
  • Fraudsters may be offering bogus financial documents, such as fixed corporate bonds, diamond-linked, precious stones-linked or cryptocurrency(ies)-linked products, purporting to originate from Maha. Such scams are sent via email or directly via social media, misusing Maha branding such as employee impersonation or fake websites or accounts.

9 tips to stay safe

While there is no “guarantee” to be 100% safe from cyber attacks, here are our 9 tips to help keep your personal information safe and to better protect you:

  1. Avoid clicking on links or attachments: Cybercriminals do a good job of tricking people into clicking on links supposedly from their bank, telecom operator, utility company, tax service and other legitimate organisations. Think before you click – spelling errors, email addresses that don’t seem right, and out-of-the-blue communications from friends should be treated with utmost caution. It’s better to manually enter the URL of the organisation in question to log into your account to verify any communications before clicking. If in doubt, call the organization or your friend to verify before clicking.
  2. Passwords are the keys to your digital kingdom: Use unique, complex passwords with a combination of lower and upper-case letters, numbers and symbols and do not use the same password across your accounts.
  3. Keep your identity safe. Don’t share passwords or choose one that can be easily guessed. Make sure to change them often. And where possible, use two-factor or strong authentication which combines something you know (username and password) with something you have (a credential such as a card, token or mobile phone) to verify an identity or verify a transaction.
  4. Back-up your data – If your computer is infected by ransomware, malware or it crashes, the only way to definitely ensure that you will be able to retrieve your lost data is by backing it up and doing so on a regular basis. This also means that if you mislay data or accidentally delete something, it can always be recovered.
  5. Ensure that you have a robust and up-to-date internet security package running – With online threats becoming increasingly more sophisticated and cybercriminals willing to jump on any social trend to spread malware, the online threat landscape is changing drastically by the minute. Security software from a recognised name is the best and safest option when it comes to stopping malicious software from installing on your PC as it can prevent it from taking over or slowing down your system.
  6. Keep all software on your PC up-to-date with the latest updates and patches – by keeping your software up-to-date, potential vulnerabilities (including zero-days) can be patched and help keep cybercriminals and hackers at bay.
  7. Verify the web site you are on is safe – before entering your payment details into any web site, check that the URL begins with https – the “s” stands for “secure.” If a site has obvious typographical errors, or no evidence of security information or recognised symbols, avoid it. If in doubt, click on the VeriSign tick to verify a site’s identity, and if possible use a high security web browser that displays the green EV SSL address bar.
  8. Once online, always online: With anything you post online, it’s out there for everyone to see, so be careful with the identifiable information you use in your social media profile and which sites you sign up to. Avoid posting information that could be used by hackers to glean answers to bank security questions (for example, FB posts stating “your quarantine name – the first name is your pet’s name and the last name is the street you grew up on”).
  9. Change the password to your home router. With an increase in remote working and confidential work-related information passing through home networks, there is an elevated risk of hackers attempting to access and use default router passwords as attack points.

Phishing risks

Phishing is the simplest way for the cyber criminals to launch their attack. The criminals use fraudulent e-mails to convince you to click on a suspicious link or open an attachment to install malware or redirect you to a landing page to steal personal data and login details.

Hackers recreate well-known websites to capture your user credentials, such as passwords, Social Security numbers, credit card information or bank account details to name a few. They then use this stolen information to access your banking and other accounts.

Phishing materials often look genuine and may appear to originate from real people, organizations, institutions, and websites. While there is no guarantee to be 100% safe from cyber attacks, the following precautions are suggested to better protect you:

  • Maintain a medium or higher level of security on your browser settings.
  • Make sure the web address of any site you visit begins with “https://”. Some browsers show a padlock icon next to the https:// to indicate that you have a secure connection.
  • Log out after using an Internet banking or e-commerce service to ensure your session has closed.
  • Keep your cookies and browser cache clear so that hackers cannot access your history and obtain information.
  • Remember that hackers increasingly target children on social media and gaming websites.
  • Be mindful of the sites you visit: Do not visit sites that provide illegal downloads or illegal content (e.g., file sharing). Even if you do not download any files, you are vulnerable to viruses that can infect your computer.
  • Keep pop-ups and ads blocked, and never respond to pop-ups asking you to submit or resubmit your log-in information.
  • Beware of urgent emails requiring action (e.g., “Security Check”, “Activation”, “Verification” or any request to wire funds or make other payments).
  • Do not provide sensitive personal information over email. A better practice is to call the sender directly.
  • Change the password to your home router. With an increase in remote working and confidential work-related information passing through home networks, there is an elevated risk of hackers attempting to access and use default router passwords as attack points.

Please report all phishing emails and email headers related to Maha to [email protected]

Online Purchases

While there is no guarantee to be 100% safe from cyber attacks, here are some tips on how to protect yourself while online shopping.

  • Regularly check your banking and credit card transaction histories and your statements for any suspicious transactions.
  • Use two-step or multi-factor authentication when it’s available – you confirm your ID in two steps each time you use an ATM – with a debit card and PIN. Do the same online.
  • Enable private browsing whenever possible – prevent cookies and browsing history from being stored/saved to your device.
  • Use trusted bookmarks for important sites – not email links or pop-ups
  • Close windows containing pop-up ads or unexpected warnings using the X in the upper right-hand corner.
  • Do not buy anything promoted in a spam message – even if it is a legitimate company, your purchase encourages spamming
  • Remember every device carries a risk. Laptops, tablets and mobile phones are all susceptible to wireless security breaches. Do not connect to sites you don’t know or recognize. Don’t assume a Wi-Fi link is legitimate; hackers create fraudulent access points that appear to be identical to one that’s legitimate. Instead, use a virtual private network (VPN), which allows only authorized users to access the network so data cannot be intercepted.

Mobile security

As we become more connected through the use of our devices, below are tips to better protect yourself. Please note while these tips will reduce your risk against cyber attacks, these tips will not 100% guarantee your safety.

Best practice guidance for your personal devices:

  • Adjust your security settings to restrict access to your data via wireless and Bluetooth connections. Turn off Bluetooth when you don’t need the connection – your device will be less vulnerable to cyber-attacks and you will not drain the battery life. For Apple devices, your Bluetooth settings will reset daily.
  • Keep your phone or computer locked – make sure it is password/PIN protected at all times.
  • Turn off notification pop-ups for text messages that may show your two-factor authentication code on the screen.
  • Update your device’s operating system software to ensure you have the latest security patches.
  • Update the apps on your device when new versions become available, as these often include security patches.
  • Avoid clicking on Internet ads: Ad-blocking apps exist for both Android and Apple devices, and browser settings can be adjusted to limit ad tracking.
  • Install a security app to scan and remove malware-infected apps.
  • Encrypt sensitive information – if your mobile device or laptop has data encryption features, use them.
  • Monitor how apps behave on your phone – keep track of permission access/requests from apps installed on your device. Use a reputable anti-malware/virus program and update regularly. Mobile devices are susceptible to the same risks as your home or office computers. If you think your device has been infected with malware, contact either the device maker or your mobile phone carrier for help.
  • Choose a smartphone with anti-theft security features. If your phone is lost or stolen, set up remote access allowing you to lock it, wipe the data stored on it and identify its location.
  • Regularly back up your devices to your home computer or cloud network so that you have access to information if your device is lost, stolen or corrupted.
  • Do not try to bypass security controls in the device’s operating system (i.e., don’t jailbreak or root your phone).
  • Erase all your personal data before selling or recycling your device.

Security Vulnerability Disclosure Policy

Maha acknowledges the valuable role that independent security researchers play in cyber and information security. As a result, we encourage responsible reporting of any vulnerabilities that may be found in Maha’s online systems and applications (including its website).

Maha is committed to collaborating with security researchers to verify and address any potential vulnerabilities that are reported to Maha.

Please review our below-described terms before you test and/or report a vulnerability. Maha pledges not to initiate legal action against researchers for penetrating or attempting to penetrate our systems as long as they adhere to the following terms of this policy and can evidence that their actions were solely directed in the interests of protecting Maha’s interests and/or enhancing protection of Maha’s cybersecurity risks.

Maha does not permit the following types of security research:

While we encourage you to report to us any vulnerabilities you find in a responsible manner, the following conduct is prohibited:

  • Performing actions that may negatively affect Maha or its clients (e.g. Spam, Brute Force, Denial of Service, etc.)
  • Accessing, or attempting to access, data or information that does not belong to you
  • Destroying or corrupting, or attempting to destroy or corrupt, data or information that does not belong to you
  • Conducting any kind of physical or electronic attack on Maha personnel, property, buildings or data centers
  • Social engineering any Maha service desk, employee or contractor
  • Conducting vulnerability testing of participating services using anything other than your own data, in order to minimize the risk to our clients’ data
  • Violating any laws or breaching any agreements in order to discover vulnerabilities

Reporting a potential security vulnerability:

  • Privately share details of the suspected vulnerability with Maha by sending an e-mail to: [email protected]
  • Please provide the full details of the suspected vulnerability, so that the Maha security team may validate and reproduce the issue.

The Maha security team commitment:

We ask that you do not share or publicize an unresolved vulnerability with/to third parties. If you responsibly submit a vulnerability report, the Maha security team and associated development organizations will use reasonable efforts to:

  • Respond in a timely manner, acknowledging receipt of your vulnerability report
  • Provide an estimated time frame for addressing the vulnerability report, and
  • Notify you when the vulnerability has been fixed.

We are happy to thank every individual researcher who submits a vulnerability report helping us improve our overall security posture at Maha.

External Sources of Information

Please click the respective links below for further information:

Qatar Financial Centre (in the State of Qatar)
