24th October 2025, Kathmandu
In recognition of Cybersecurity Awareness Month in October 2025, NMB Bank has launched a crucial campaign to arm its customers with the knowledge needed to combat the rapidly rising threat of email scams, commonly known as phishing.
Awareness of Email Scams
As banking transactions increasingly shift to digital platforms, the email inbox has become a primary target for sophisticated fraudsters looking to steal credentials and compromise customer accounts. NMB Bank’s initiative is focused on promoting safe online banking practices, emphasizing that a few careful habits can build a powerful digital shield.
This article delves into the tactics employed by these email fraudsters and outlines the essential, bank-recommended strategies for safeguarding your financial security, ensuring your protection remains robust against the latest forms of digital fraud. The bank’s commitment is clear: to ensure customers’ financial security by transforming passive users into vigilant digital citizens.
The Phishing Net: How Scammers Use Email to Hook You
Phishing is a type of social engineering attack where fraudsters impersonate a trusted entity, like NMB Bank, to trick users into divulging sensitive information or clicking on malicious links. These emails are meticulously crafted to look official, often featuring the bank’s logo and professional-looking branding, but they are designed with one goal: theft.
1. The Urgent Account Alert Scam
This is the most common form of phishing and preys on a customer’s fear of losing access to their funds.
The Hook: The email claims that your NMB Bank account has been compromised, frozen, or requires immediate verification due to unusual activity, a system update, or an expiration date.
The Demand: It urgently instructs you to click a malicious link to a fake login page to “verify your details” or “reset your password.” Once you enter your credentials on the fake site, the scammers steal them.
2. The Unsolicited Prize or Refund Scam
This tactic appeals to a customer’s sense of greed or curiosity.
The Hook: The email excitedly informs you that you have won a large cash prize, a lottery, or are due a large tax refund from a government body, and the “prize” is being processed through your NMB Bank account.
The Demand: To “claim the prize,” you are asked to click a link and confirm your bank account details, ATM PIN, or One-Time Password (OTP). No legitimate bank or lottery will ever require your confidential login credentials to pay you a prize or refund.
3. Business Email Compromise (BEC) and Invoice Fraud
While often targeting businesses, individual customers who receive payments or run small enterprises are also vulnerable.
The Hook: A scammer sends an email that appears to come from a known vendor, supplier, or even a senior executive of your company (if you’re a business customer), requesting an urgent fund transfer to a new or modified bank account number.
The Demand: They exploit trust to trick the victim into making a fraudulent payment, stating the transfer must be completed immediately for an “important deal” or “overdue invoice.”
NMB Bank’s Cyber Safety Toolkit: Essential Prevention Strategies
NMB Bank explicitly advises its customers that the bank will never send an unsolicited email asking for confidential security details. Your protection hinges on recognizing the red flags and adhering to these non-negotiable security protocols:
1. Scrutinize the Sender’s Email Address
Do not trust the name displayed (e.g., “NMB Bank Customer Care”). Look closely at the actual email address.
Action: Hover your cursor over the sender’s name to reveal the full email address. Look for subtle misspellings, such as nmhbank.com.np instead of nmb.com.np, or a generic email like nmb.support@gmail.com. If the domain name is anything other than the official bank domain, delete the email immediately.
2. Never Click on Suspicious Links or Attachments
This is the delivery mechanism for almost all phishing attacks.
Action: Hover your mouse over any hyperlink in a suspicious email without clicking it. A small preview of the true destination URL should appear at the bottom of your browser window. If the URL is not the official NMB Bank website, do not click. Furthermore, never open attachments with unfamiliar file extensions like .exe, .zip, or .scr from an unknown source, as they likely contain malware.
3. Type the Website Address Yourself
If an email contains an urgent message about your account, resist the urge to click the link provided.
Action: Do not click the embedded link. Instead, close the email and manually type https://nmb.com.np/ into your browser’s address bar to log in. This ensures you are on the bank’s official, secure website. Always look for the padlock icon and the https:// in the URL.
4. Protect Your Credentials Like Cash
The bank re-emphasizes that your OTP, Password, and PIN are never requested via email, phone call, or text message.
Action: Use strong, unique passwords for your banking accounts that mix letters, numbers, and special symbols. It is highly recommended to enable Two-Factor Authentication (2FA) wherever possible, which adds an extra layer of security that scammers cannot easily bypass with just a stolen password.
5. Monitor and Report Immediately
Vigilance after a potential breach is as important as prevention.
Action: Regularly check your account statements and activate transaction alerts. If you suspect you have clicked a malicious link or revealed your details, or if you receive a suspicious email, contact NMB Bank immediately via their official email address or hotline, such as infosecdept@nmb.com.np, to report the incident and secure your account.
By following NMB Bank’s clear guidelines and incorporating these simple practices into their daily digital routine, customers can significantly reduce their vulnerability to email scams and confidently use the bank’s services throughout Cybersecurity Awareness Month and beyond.
For More: Awareness of Email Scams