General Security Guide
Internet banking login credentials, including usernames, login passwords and one-time passwords (OTPs), are as important in the digital world as the keys to their houses are in the physical one, and should be properly safeguarded.
In accordance with the HKMA’s supervisory requirements, the bank will not send SMS or email messages with embedded hyperlinks directing customers to their websites or mobile applications to carry out transactions. Nor will the bank ask customers to provide sensitive personal information, including login passwords and OTPs, via hyperlinks.
If you receive SMS or email messages with embedded hyperlinks requesting you to input internet banking login credentials, these messages should not originate from the bank. You should think twice before clicking any hyperlinks purportedly sent by the bank, and contact the bank immediately if you have any concerns.
Regarding HKMA’s “Protect your Personal Digital Keys; Beware of Fraudulent Links!” information, please click.
Fraud crime is growing and everybody should be aware of it. To protect yourself from being the next victim of fraudulent events, we hope the following tips may help you.
Safeguard your personal information and belongings, including ATM cards, credit cards, cheque books, identity documents, passwords, etc. This will protect you from identity theft, online fraud, card fraud, and more.
Whenever someone request for your personal information, either through phone calls, SMS texts or emails, be cautious and do not respond to these kinds of communications until you have ascertained they are genuine.
Fraudsters may send out scam emails, which may contain attachments or hyperlinks. Do not open them if you are in doubt, as this is a common trick used by fraudsters to install trojans or spyware to intrude your computer for personal information.
You should check your bank statements carefully, if you spot any transactions you do not recognised, contact us immediately.
Recommend to strengthen the security of the mailbox. This can prevent fraudsters from stealing your letters containing personal information, such as bank statements, credit cards, or tax assessment notice. If you have not received the scheduled letters in time, please contact the relevant organizations immediately.
To help members of the public verify the identities SMS sender, and prevent fraudsters from sending scam SMS messages masquerading as banks, effective from 28 January 2024, the Bank has commenced using the following ‘Registered SMS Sender IDs’ with the prefix ‘#’ to send SMS messages to local subscribers of mobile services:
#BANKCOMM
#BOCOM
#BOCOMHK
Please note that the Scheme is not applicable to local subscribers of Single-Card-Multiple-Numbers / One-Card-Two-Numbers mobile service provided by non-Hong Kong operators.
You should stay vigilant to bogus communications or messages of various means or channels, such as phone calls, SMS messages(Regardless of whether the SMS Sender IDs are prefixed with ‘#’), WhatsApp messages, emails, social media posts or letters, purported to be from banks.
You can get more details by reading relevant materials on the HKMA website (please click here) and the relevant video (please click here).
© Bank of Communications Co., Ltd. Hong Kong Branch (A joint stock company incorporated in the People’s Republic of China with limited liability). All rights reserved.
