It is noticed that some criminals recently have been pretending to be bank staff and sending fraudulent "phishing" SMS or emails, in an attempt to redirect customers to third-party websites, which request victims to leave personal information, passwords, security verification codes, credit card numbers or other sensitive information. We would like to hereby remind customers not to click any hyperlinks to banking services provided by SMS, emails, QR codes, Internet search engines or social networking platforms. Whenever receiving any SMS, emails or calls that claim to be on behalf of the bank, customers must always be vigilant and pay attention to the following items:
- Purpose of the Message: Scam messages usually deceive victims through social issues and special scenarios. Below are some typical examples:
Please note that we will never directly request customers to provide their sensitive information, such as ID number, mobile phone number, account number, ATM card/credit card number, Internet Banking User ID and password, one-time password etc., through SMS, emails or pre-recorded phone calls. In addition, when any fund transfer requests are received, please be reminded to verify the payee's identity, bank account number and the authenticity of such requests. Customers are highly recommended to call the Anti-Deception Coordination Centre (ADCC)'s "Anti-Scam" consultation hotline on 18222 to help combat suspected fraud cases.
- Vaccination: The fraudster may claim to help order COVID-19 vaccine or the appointment for vaccination has been rejected
- Government cash payout/digital vouchers: The scammer may claim to help register for collecting payment and request the victim to submit relevant personal information
- Lucky draws
- Gift redemption
- Mail or parcel delivery confirmation
- High-yield investment products offering
- Approval of transaction instructions (especially for corporate customers)
- Online banking unlock
- Content and Attachments: Please carefully check whether the content or title of the message contains incorrect grammar, spelling mistakes or other incorrect information. If the message has attachments, please do not open it at will.
- Email Address or Web Domain Name Format: After receiving an email, customers should first check the domain of the sender's email address (@shacombank.com.hk). Fraudulent URLs will also try to imitate the name of the bank. A common method is to add English letters, numbers or symbols. Therefore, please check the domain name of the URL (e.g. shacombank.com.hk) and whether it starts with "https" to ensure the security of the browsing connection. If in doubt, do not click on those hyperlinks and provide any personal information, financial information or security verification codes.
- Phone Numbers for Incoming Calls: Please note that our bank will not contact local customers with any phone numbers beginning with "+". If such call is received, please hang up immediately.
If you receive any suspicious communications, please do not disclose your personal or account information and should immediately call the Bank's Customer Service Hotline at (852) 2818 0282 for verification.
If you have provided personal or account information, password or conducted any financial transactions as instructed in suspicious communications, please contact the Bank's Customer Service Hotline at (852) 2818 0282 and report the case to the Hong Kong Police Force for investigation as soon as possible.
For more security tips, please regularly visit the Bank's website.