Important Message | Fubon Bank

Protect your Personal Digital Keys, beware of fraudulent links Icon

Protect your Personal Digital Keys, Beware of Fraudulent Links
We never embed any hyperlink(s) in emails or SMS messages that link(s) to our official website or mobile applications. Please exercise caution in reading any emails or SMS messages that are allegedly sent by authorized institutions. Do not input internet banking login credentials or provide any sensitive personal information (including password or one-time password (OTP)) through any hyperlinks or attachments embedded in emails or SMS messages.

“SMS Sender Registration Scheme” Look for a Hashtag“#”for Registered Senders!
Our bank has participated in the “SMS Sender Registration Scheme” and we will only use registered sender IDs of “#Fubon Bank” and “#Fubon_Bank” to send SMS message to local mobile customers. Please note that the Scheme is not applicable to SMS which receiving parties are expected to reply to the senders via phone numbers; and Local subscribers of Single-Card-Multiple-Numbers / One-Card-Two-Numbers mobile service provided by non-Hong Kong operators. If you have any doubt about the identity of the sender, please contact our hotline at 2566 8181 (Press 8 after selection of language) for verification.

You can also Click here for details of “SMS Sender Registration Scheme” and List of Registered Senders.

Information and Smart Tips from the Hong Kong Monetary Authority

Third Party Account Fund Transfer Pre-registration

To further ensure the security and safety of your Fubon Internet Banking transactions, fund transfers to third party accounts within Fubon Bank can be either registered first with Fubon Bank or transferred to a non-registered account by two-factor authentication. The third party account registration and two-factor authentication service are free of charge.

Simply stop by any Fubon Service Outlets in person to complete the registration.

To complete the two-factor registration, you can either:

download the application form, fill in the information, and return to any of our branches personally ; or
visit any of our branches

Customers should ensure the accuracy of the contact number and the registered mobile phone number for One Time Password (OTP) Service from time to time. In case of any update, please visit any of our branches for the relevant procedure.

Security Tips of Fubon Internet Banking Service

Follow the following security guidelines when you are using the Fubon Internet Banking Service:

Fubon Internet Banking Service access

Fubon Internet Banking Service should be accessed by directly entering the Bank’s website www.fubonbank.com.hk at the address bar of your browser
Close all other Internet browser windows before logging on to Fubon Internet Banking Service
Ensure that you have accessed the valid Fubon Internet Banking Service website by clicking the padlock or key icon at the web browser to check if the digital certificate is issued to www.ebank.fubonbank.com.hk by thawte (www.thawte.com) as well as the valid period, etc.
Always use the “logout” button to exit the Fubon Internet Banking Service and close the browser after a logout confirmation has been displayed
Always logoff Fubon Internet Banking Service before visiting other internet sites
Always logoff Fubon Internet Banking Service when it is not in use
If anyone else is likely to use your computer, you should clear your cache or turn off and re-initiate your browser in order to eliminate copies of web pages that have been stored in your hard drive
Check your bank statement regularly to protect the correctness of transactions performed via Fubon Internet Banking Service
Check the Bank’s SMS messages and other messages in a timely manner and verify your transaction record
The Bank will never request customers to install or update Fubon Internet Banking Service through SMS or email
Do not access Fubon Internet Banking Service or provide your personal information (including your password) through any hyperlinks or attachments embedded in any emails, SMS, social media (e.g. Twitter/Facebook), instant messenger (e.g. WeChat/Whatsapp) or websites
Beware of any unusual login screen or process (e.g. a suspicious pop-up window or request for providing additional personal information)
Do not logon to Fubon Internet Banking Service by using public computers or public Wi-Fi
Do not leave your computer unattended after logging on to Fubon Internet Banking Service
Activate the auto-lock function on your computer

Using Fubon e-Statement Service

Access to Fubon e-Statement Service from a trusted computer
Close all other Internet browser windows before using Fubon e-Statement Service
Always close and delete the opened or downloaded e-Statement after using Fubon e-Statement Service
Do not access to Fubon e-Statement Service by using public computers or public Wi-Fi
Do not leave your computer unattended after you open or download the e-Statement
When you are using Fubon e-Statement Service in another person’s computer, be careful and ensure that your e-Statement has not been copied or stored in its hard drive

Protect your Username and password

Keep your Username and password secure and secret
Do not store or allow any third-party fingerprint(s)/face recognition(s) to be stored on your mobile device if you have activated Fubon Mobile Security Key Service
The Bank or any of our business partners will never ask you for sensitive information such as your Username or password by email, SMS or phone. When you are in doubt, please contact us at our Customer Service Hotline 2566 8181 immediately
Set a password that is difficult to guess and different from the ones for other services (e.g., connection to the internet, Mobile Banking, Phone Banking, ATM, email or other internet sites)
Do not select easily accessible personal information such as your telephone number, ID Card number or your date of birth as your password. When you are using another person’s computer to perform transactions, be careful and ensure that your password has not been copied or stored in its hard drive
Not to use 4 previously used passwords
Destroy the printed copy of the password after you have changed the password
Passwords should not be set based on Username
Change your password on a regular basis, change password reminder on Personal Internet Banking platform will be displayed if your password has not been changed for 90 days
Do not write down or store your password on your personal computer, on any device for accessing Fubon Internet Banking Service and on anything usually kept with or near it
Do not select the browser option for storing or retaining user name and password
Do not write down or record the password without disguise
Do not allow anybody else to operate your Fubon Internet Banking Service account or use your password, including any one claiming to be Fubon Bank (HK) staff
Stay alert and report unauthorized transactions to the bank
SMS / E-mail notification will be sent if your Internet Banking / mobile banking password has been changed / reset. If you did not perform such action, you should contact the bank at 2104 3362 immediately

Protect Yourself against Phishing Emails and Fraudulent bank websites

Never click the hyperlinks or open the attachments in suspicious emails purporting to be sent by the bank.
Instead of clicking the hyperlink, type the bank’s website address (https://www.fubonbank.com.hk), use a bookmarked link or use our official mobile banking application
The bank will never ask for your personal confidential information (e.g. Internet Banking ID, Internet Banking password)
If you are in doubt of suspicious website or communication, do not use any information provided, and contact the bank’s integrated customer hotline 2566 8181 during office hours^* as soon as practicable

^*Monday to Friday: 9am to 7pm; Saturday: 9am to 1pm (except public holidays)

Protect your computer and security device

Install firewall and virus detection software on your computer and update them regularly to protect your computer against virus and hackers
Install and promptly update security software to protect your computer
Delete junk or chain emails and do not open email attachments from strangers
Do not download or open doubtful files, browse suspicious websites, or click the hyperlinks and attachments in questionable sources (e.g. emails, instant messaging, SMS messages, QR codes)
Do not allow anybody else to operate or control your security device (e.g., Security token, Smart Card or Mobile Phone)
If your device with Fubon Mobile Security Key Service activated is lost or stolen, you should report this to the Bank immediately by calling our 24-hour Service Hotline 2104 3362 to terminate the service at once
Do not install software or run programs of unknown origin

Email Scam Alert

Fraudulent emails are going around recently. These emails ask customers to provide their banking information by different means such as account activation request or require of data verification so as to take further illicit operations.

To protect your benefits, please remember that Fubon Bank will never ask you for sensitive information, such as your account number, Username and Password by email.

When in doubt, please contact our Customer Service Hotline at 2566 8181.

Fake Call/ SMS/ Letter/ Fax Alert

The fraudsters may disguise as bank officials or police officers to collect your personal information through fake calls. They may also collect information through SMS messaging/ letters/ faxes or any other forms. For instance, they may pretend to be bank officials or police officers and send mass SMS/ letters/ faxes enquiring about your personal information, or send text messages through a lost or stolen mobile phone. You should never disclose your sensitive information (e.g. Password) to a third party and should safely keep your personal information.

Please contact our Customer Service Hotline at 2566 8181 if you are in doubt.

Customer’s Liability for Loss

If you find or believe your Internet Banking Password or device has been compromised, lost or stolen, or unauthorized transactions being conducted, please contact our 24-hour Lost Card Service Hotline at 2512 1131 to immediately terminate your Internet Banking Service. You will be liable for all losses if you fail to notify the Bank as soon as reasonably practicable
You may be held liable for all losses if you have acted fraudulently or with gross negligence, or failed to follow the securities guidelines

Disclosure for Customers using Fubon Internet Banking Service

Customer’s liability for unauthorized transaction
Service Fees and Charges

Customer Data Privacy
Customer obligations in relation to security for Internet Banking service
Reporting security incidents or complaints

What is WhatsApp Hijacking?

What is WhatsApp Hijacking?

Scammers will use deception to hijack victim’s account and address book on instant messaging programs such as WhatsApp, and then pretend as victim for requesting their friends and relatives to purchase game point cards on their behalf.

1. Obtaining verification code by deceit
Posing as the victim’s family or friends, scammers send victims messages asking them to relay the verification code of social media apps. Using the victim’s phone number to open a new account on instant messaging apps, scammers hijack the victim’s account.

2. Rob account
The scammers used the victim’s phone number to log in to his WhatsApp account, thereby robbing the victim’s account.

3. Obtaining game point cards by deceit
After successfully taking over the control of the victim’s account, scammers send messages to his/her family and friends, asking them to buy game point cards and send the game point card serial number to the scammers.

Anti-scam advice

Activate two-factor authentication for instant messaging apps
To keep your account secure, do not give the social media verification code of your instant messaging apps to anyone
If anyone you know asks you, through social media, to buy game point cards for them or transfer money, verify his/her identity first
When in doubt, call Anti-scam Helpline 18222

https://youtu.be/hRNn2DRfHYA
(By clicking above link, you will be leaving our bank's website and redirect to third party website where their terms of use and privacy policies will apply to you.)

Online Account Hijacking

What is Online Account Hijacking?

Instances of account hijacking date back to 2014. During this time, the instant messaging software LINE had a system vulnerability that exposed users’ accounts to hackers. These hackers were then able to deceive the victim's family and friends in their contact list into purchasing prepaid cards. The situation continued until around 2016, when the vulnerability was eventually resolved. In 2017, scammers began hijacking users’ WhatsApp accounts to trick people into purchasing prepaid cards using similar deception methods. Later, WhatsApp introduced the “two-step verification” (now known as “two-factor authentication”) feature. This feature has gradually improved the situation and made it harder for scammers to hijack accounts.

In August 2023, a new account hijacking method involving phishing messages emerged and later transformed into "search engine optimisation poisoning" attacks—these attacks primarily target WhatsApp accounts, with a few cases involving Telegram and other online platforms.

Trick 1: Phishing text messages

Scammers send phishing text messages with links to fake websites
The fake websites obtain the user’s phone number and request the platform to issue a registration code to the user
Scammers then get the registration code from the user
Scammers then use another device to log into the user’s account Scammers exploit excuses like bank transfers and loans to defraud users' family and friends

Trick 2: Search engine optimisation poisoning attack

Scammers create fake WhatsApp web login page
Scammers advertise using the keyword “WhatsApp” on search engines
When users enter the keyword “WhatsApp” in a search engine, the fake website will appear as the top ad
When users click on the top ad, they are taken to the fake website, where they scan a malicious QR code, allowing scammers to obtain their connection information
Scammers simultaneously log into users’ accounts through the online version of WhatsApp to deceive the users’ family and friends for money

Online account intrusions can have different causes. For instance, one may forget to log out of web-based messaging software after using a public computer, use malicious multi-account login tools, or have their electronic devices compromised by malicious software.

Scammers often use the excuse that online bank transfers exceed the limit and request contacts in the address book to help transfer money. They promise to repay the amount the following day, and the requested amount can vary from thousands to tens of thousands of dollars. Occasionally, there are also requests for large transfers.

Tips for avoiding online account hijacking:

Enable two-factor authentication
Regularly review the devices linked to your account and log out any unknown connected devices
Avoid disclosing passwords and verification codes casually or scanning QR codes without verifying
Set a strong password for your voicemail to prevent theft of voice one-time password
Avoid connecting to public Wi-Fi or logging into online accounts on public computers
Bookmark frequently used websites instead of relying solely on search engines for trustworthy results
Beware of any abnormalities in text messages and websites, such as misspelled domains or a mixture of traditional and simplified Chinese characters
If you receive a message from family or friend requesting help with bank transfers or remittances, always call to verify their identity and relevant request
If in doubt, use Scameter to assess for URLs, payment accounts, etc., or call 18222 for enquiries