Latest Security Notes and Online Security Tips
Please stay vigilant of the following security notes and online security tips to help you prevent online scam!
(1) Never disclose any of your personal or account information to unsolicited callers, pre-recorded voice messages phone calls, suspicious emails or links/QR codes in SMS
- Shanghai Commercial Bank Limited ("the Bank") noticed that our customers may receive bogus calls that claim to be calling from the Bank for cross-selling or gathering personal information. If you receive a suspicious call or would like to verify the caller's identity, do not disclose your personal or account information and please call us on (852) 2818 0282 immediately.
- Please note that our bank will not contact local customers with any phone numbers beginning with "+". If such call is received, please hang up immediately.
- Remember that in any circumstances, the Bank will never directly request customers to provide any sensitive information such as ID number, mobile phone number, account number, ATM card/credit card number, Internet Banking User ID and password, and One-Time Password through email, SMS or pre-recorded voice message phone calls (including via embedded hyperlinks).
- If you have any doubts about the message received, please do not disclose your personal or account information. If you suspect that you have leaked personal or account information, password or conducted any financial transactions to a suspicious third party, please immediately contact our Customer Service Hotline on (852) 2818 0282 for verification or Police's Anti-Scam Hotline (852) 18222.
- Do not click on the links embedded or QR code in suspicious emails, SMS or mobile communication apps (e.g. WhatsApp). Even if the domain name of such links appears to be legitimate, you may still be redirected to fraudulent websites with another domain name, and you will be requested to submit your sensitive information, passwords or credit card information. The fraudulent websites may appear under domains that are slightly different from the Bank's official website. A common method is to add English letters, numbers or symbols. The fraudulent websites may also looks quite similar to real website of the Bank.
- Please be reminded never reveal your online banking information to third parties (including other person, persons claimed to be the Bank's staff or law enforcement agencies, social media and unauthorized third-party service provider applications), such as your login name, password, One-Time Password (OTP) or any other sensitive information.
- Do not make any transactions through any suspicious links.
- Do not contact any phone numbers provided in suspicious emails or SMS.
- Do verify with your relatives and friends if they have sent a message to ask for money, purchase of gift cards or consumption coupons, or your personal information, credit card accounts or passwords etc.
- Report spam messages or block a sender within the messaging apps.
(2) Read all SMS messages and emails from Shanghai Commercial Bank and your telecommunication service provider carefully
- The Bank will send SMS notification to you in the event of any suspicious transactions occur.
- The Bank will send you an SMS-based One-time Password ("OTP") as a safety measure to safeguard the designated online transactions performed by you via credit card. Please verify the transaction details in the SMS content, such as transaction amount and merchant name, before entering the "OTP" to complete the transaction. Never disclose your "OTP" to anyone and do not allow anyone to use your "OTP". If you have disclosed your personal information to suspicious third parties or "OTP" to anyone, please immediately contact our Customer Service Hotline at (852) 2818 0282 for investigation.
- Pay attention to the notifications sent by your telecommunication service provider about the activation of the SMS/Voice Call forwarding function of your mobile device. If you receive a notification without authorized to activate these functions, please check with your telecommunication service provider immediately, and request to stop the function and report any suspicious cases.
- You may request your telecommunication provider to suspend the remote SMS/Voice Call forwarding function of your mobile device to avoid any unauthorized activation.
- Be sure to check your email frequently to ensure that you can receive important information from the Bank as soon as possible. Please pay attention to the email address and domain name when receiving emails, and check if they are entirely correct.
(3) Verify a request to change payee information for remittance by contacting the requesting party via another channel
- If you receive a transfer or remittance request including by familiar party, please STOP and THINK before taking any action, and consider whether this is a phishing scam. Remember to verify the identity of the counterparty through other channels, such as phone call, email, social communication software.
(4) Update your personal contact information with Shanghai Commercial Bank
- Please update your latest mailing address, mobile phone number and e-mail address with the Bank to allow verification in the event of suspicious transactions appear. If there is any change of the above contact information, please update in our Bank as soon as possible. For security reasons, you are required to update your information by submitting the Notice of Addition / Change of Contact Details Form to the Bank by post or visiting one of our branches.
(5) Protect against mobile/computer malware
- Avoid downloading and using cracked applications to prevent malicious programs from intercepting the One-Time Password on SMS.
- Do not download, install and use suspicious mobile applications on unofficial websites. Apps should be downloaded and upgraded from the official app store.
- Some malicious programs targeting Android phones attempt to steal customers' personal information through their mobile banking apps for fraudulent transactions. In some cases, the malware will attempt to circumvent the additional layer of security provided by a One-Time Password (OTP) by intercepting SMS or generate a fake dialogue inside the mobile banking app in order to trick customers.
- Install and regularly update antivirus software to monitor the installation of spyware/computer viruses on the device.
- To prevent the Spyware installation without your knowledge and virus attack, please avoid visiting or downloading software from suspicious websites.
- If any unusual screens pop-up and/or the computer responds unusually slow, please log off from the Internet Banking and scan the computer with virus protection software.
(6) Do verify the transaction details in the SMS content of One-time Password (OTP) sent by the Bank, such as correctness of transaction amount and merchant name, before entering the OTP to complete your Internet transaction.
(7) Do not enter sensitive information while using public networks which are less secure. Information can be intercepted during transmission.
(8) Suggest disabling the "Auto Fill" feature on your mobile devices to avoid the OTP automatically submitted to fake websites.
(9) Please read and follow the instructions specified in the "Internet Security Notes" from time to time.
(10) It is very important to vigilantly protect your computers to safeguard against Internet Banking fraud. All customers are strongly recommended to refer to the following publications and broadcasting materials provided by the Hong Kong Monetary Authority ('HKMA'), the Hong Kong Association of Banks ('HKAB') and Hong Kong Police Force ('HKPF').
More Security Tips