Phishing
Phishing is a type of online scam where attackers typically impersonate a trusted entity through emails, social media, or other communication channels. They may pretend to be institutions like CMB International or other financial institutions to trick you into providing sensitive information such as account details, passwords, personal data, or card numbers.
Common Features of Phishing:
- **Spoofed Sender Address**: Fake emails and messages often contain links with domain names that appear similar to legitimate organizations, using different combinations of letters, numbers, or symbols.
- **Urgent Tone**: Messages often claim there is a problem with your account that requires immediate action. They usually involve important information or request personal data to verify accounts, such as notifications about large transfers or prompts to activate new security features, urging you to click links or open attachments.
- **Suspicious Links**: Links in emails may direct you to counterfeit websites instead of legitimate ones. Fake emails typically contain links or attachments. The displayed link may appear to be the legitimate URL when hovered over, but it leads to a different site.
- **Spelling and Grammar Errors**: These messages often contain spelling or grammatical mistakes, which are telltale signs of a scam.
How to Prevent Phishing:
- **Check Sender Information**: Carefully verify the sender's address in emails.
- **Do Not Click Suspicious Links**: Authentic messages from our group do not contain any hyperlinks; customers can log into their transaction accounts directly through the mobile app (CMBI App) or visit our official website.
- **Use Two-Factor Authentication**: Enable two-factor authentication for added security.
- **Keep Software Updated**: Ensure the operating system and applications are always up to date to prevent security vulnerabilities.
Basic Fraud Prevention Tips and Recommendations
1. Identify Suspicious Information:
- **Unknown Sources**: Be vigilant about emails or messages from unknown senders.
- **Grammar Errors**: Scam messages often contain spelling or grammatical mistakes.
2. Verify Website Security:
- **HTTPS**: Ensure the URL begins with "https://" and check the site's security certificate.
- **Official Websites**: Access official sites directly rather than through links in emails or messages.
3. Protect Personal Information:
- **Do Not Share Lightly**: Avoid sharing personal information on unfamiliar sites or platforms. Be cautious about sharing information on social networks. Never disclose personal identifiers (e.g., name, email address, date of birth, postal address, phone number).
4. Use Two-Factor Authentication:
- **Enhance Security**: Enable two-factor authentication to improve account security. Keep login credentials secure and do not share them. Never allow others to use your authentication factors; do not forward one-time passwords or push notifications to third parties.
5. Regularly Update Passwords:
-
**Strong Passwords**: Use complex and unique passwords and change them regularly.
- Set a hard-to-guess password that does not contain spaces, at least eight characters long, incorporating uppercase and lowercase letters, special symbols, and numbers.
- Avoid using easily guessed characters as passwords (e.g., names, birth dates, HKID/passport numbers) and refrain from using the same password across different sites.
- Do not casually disclose any personal information (e.g., HKID/passport numbers and copies, birth dates).
6. Regularly Check Account Activity:
- **Monitor Account Activity**: Frequently review your account transactions to identify any unauthorized transactions or unusual activities.
7. Enable System Login Notifications:
- **Keep System Login Notifications On**: This helps you stay informed about login and transaction status, promptly detecting potential unauthorized transactions, thus reducing risks associated with online transactions.
8. Stay Vigilant:
- **Skeptical Attitude**: Remain suspicious of any requests asking you to transfer money or provide sensitive information. Always log out after online/app transactions and close the browser while clearing cache and history.
9. Protect Your Personal Computer or Mobile Device:
-
**Regular Checks and Deny Unknown Origins**:
- Regularly download and install updates for your operating system and browser.
- Install firewalls on your personal computer.
- Install antivirus software on your personal computer, regularly update virus definitions, and conduct virus scans.
- Never download or install programs from unknown sources, and do not open suspicious files, emails, or messages to prevent malware or viruses from stealing your personal data.
- If logging in via wireless networks, ensure that the network is secure and reliable.
10. Report Promptly:
- **Report Suspicious Activity**: If you suspect fraud, immediately report it to us and relevant authorities.
The above are some basic pieces of information regarding online security. If you suspect someone has obtained your password, it is advisable to change it immediately. Do not open any attachments or click on links in suspicious or unknown emails to protect your computer from viruses. Always remain vigilant when opening information purportedly from licensed corporations or browsing websites claiming to be associated with licensed entities.
Staying alert is the most effective way to protect yourself!
If you notice any suspicious impersonation or potential unauthorized transactions, please report them immediately to CMB International or the relevant government departments. Customers are also welcome to verify any suspicious messages with our customer service department.
- Hong Kong Police - Cyber Security and Technology Crime: [Police Website]( https://www.police.gov.hk/ppp_tc/04_crime_matters/tcd/index.html)
- Hong Kong SAR Government - "Information Security Website": [Infosec]( https://www.infosec.gov.hk/tc/)
-
Our Group Customer Service:
- Customer Service Hotline: 400-120-9155; (852) 3900 0888
- Customer Service Email: crm@cmbi.com.hk
