Important Message

Important Message



Information and Smart Tips from the Hong Kong Monetary Authority

Information and Smart Tips from the Hong Kong Monetary Authority

Third Party Account Fund Transfer Pre-registration

To further ensure the security and safety of your Fubon Internet Banking transactions, fund transfers to third party accounts within Fubon Bank can be either registered first with Fubon Bank or transferred to a non-registered account by two-factor authentication. The third party account registration and two-factor authentication service are free of charge.

Simply stop by any Fubon Service Outlets in person to complete the registration.

To complete the two-factor registration, you can either:

Customers should ensure the accuracy of the contact number and the registered mobile phone number for One Time Password (OTP) Service from time to time. In case of any update, please visit any of our branches for the relevant procedure.

Security Tips of Fubon Internet Banking Service

Follow the following security guidelines when you are using the Fubon Internet Banking Service:

Fubon Internet Banking Service access

  • Fubon Internet Banking Service should be accessed by directly entering the Bank’s website at the address bar of your browser
  • Close all other Internet browser windows before logging on to Fubon Internet Banking Service
  • Ensure that you have accessed the valid Fubon Internet Banking Service website by clicking the padlock or key icon at the web browser to check if the digital certificate is issued to by thawte ( as well as the valid period, etc.
  • Always use the “logout” button to exit the Fubon Internet Banking Service and close the browser after a logout confirmation has been displayed
  • Always logoff Fubon Internet Banking Service before visiting other internet sites
  • Always logoff Fubon Internet Banking Service when it is not in use
  • If anyone else is likely to use your computer, you should clear your cache or turn off and re-initiate your browser in order to eliminate copies of web pages that have been stored in your hard drive
  • Check your bank statement regularly to protect the correctness of transactions performed via Fubon Internet Banking Service
  • Check the Bank’s SMS messages and other messages in a timely manner and verify your transaction record
  • The Bank will never request customers to install or update Fubon Internet Banking Service through SMS or email
  • Do not access Fubon Internet Banking Service or provide your personal information (including your password) through any hyperlinks or attachments embedded in any emails, SMS, social media (e.g. Twitter/Facebook), instant messenger (e.g. WeChat/Whatsapp) or websites
  • Beware of any unusual login screen or process (e.g. a suspicious pop-up window or request for providing additional personal information)
  • Do not logon to Fubon Internet Banking Service by using public computers or public Wi-Fi
  • Do not leave your computer unattended after logging on to Fubon Internet Banking Service
  • Activate the auto-lock function on your computer

Using Fubon e-Statement Service

  • Access to Fubon e-Statement Service from a trusted computer
  • Close all other Internet browser windows before using Fubon e-Statement Service
  • Always close and delete the opened or downloaded e-Statement after using Fubon e-Statement Service
  • Do not access to Fubon e-Statement Service by using public computers or public Wi-Fi
  • Do not leave your computer unattended after you open or download the e-Statement
  • When you are using Fubon e-Statement Service in another person’s computer, be careful and ensure that your e-Statement has not been copied or stored in its hard drive

Protect your Username and password

  • Keep your Username and password secure and secret
  • Do not store or allow any third-party fingerprint(s)/face recognition(s) to be stored on your mobile device if you have activated Fubon Mobile Security Key Service
  • The Bank or any of our business partners will never ask you for sensitive information such as your Username or password by email, SMS or phone. When you are in doubt, please contact us at our Customer Service Hotline 2566 8181 immediately
  • Set a password that is difficult to guess and different from the ones for other services (e.g., connection to the internet, Mobile Banking, Phone Banking, ATM, email or other internet sites)
  • Do not select easily accessible personal information such as your telephone number, ID Card number or your date of birth as your password. When you are using another person’s computer to perform transactions, be careful and ensure that your password has not been copied or stored in its hard drive
  • Not to use 4 previously used passwords
  • Destroy the printed copy of the password after you have changed the password
  • Passwords should not be set based on Username
  • Change your password on a regular basis, change password reminder on Personal Internet Banking platform will be displayed if your password has not been changed for 90 days
  • Do not write down or store your password on your personal computer, on any device for accessing Fubon Internet Banking Service and on anything usually kept with or near it
  • Do not select the browser option for storing or retaining user name and password
  • Do not write down or record the password without disguise
  • Do not allow anybody else to operate your Fubon Internet Banking Service account or use your password, including any one claiming to be Fubon Bank (HK) staff
  • Stay alert and report unauthorized transactions to the bank
  • SMS / E-mail notification will be sent if your Internet Banking / mobile banking password has been changed / reset. If you did not perform such action, you should contact the bank at 2104 3362 immediately

Protect Yourself against Phishing Emails and Fraudulent bank websites

  • Never click the hyperlinks or open the attachments in suspicious emails purporting to be sent by the bank.
  • Instead of clicking the hyperlink, type the bank’s website address (, use a bookmarked link or use our official mobile banking application
  • The bank will never ask for your personal confidential information (e.g. Internet Banking ID, Internet Banking password)
  • If you are in doubt of suspicious website or communication, do not use any information provided, and contact the bank’s integrated customer hotline 2566 8181 during office hours* as soon as practicable

*Monday to Friday: 9am to 7pm; Saturday: 9am to 1pm (except public holidays)

Protect your computer and security device

  • Install firewall and virus detection software on your computer and update them regularly to protect your computer against virus and hackers
  • Install and promptly update security software to protect your computer
  • Delete junk or chain emails and do not open email attachments from strangers
  • Do not download or open doubtful files, browse suspicious websites, or click the hyperlinks and attachments in questionable sources (e.g. emails, instant messaging, SMS messages, QR codes)
  • Do not allow anybody else to operate or control your security device (e.g., Security token, Smart Card or Mobile Phone)
  • If your device with Fubon Mobile Security Key Service activated is lost or stolen, you should report this to the Bank immediately by calling our 24-hour Service Hotline 2104 3362 to terminate the service at once
  • Do not install software or run programs of unknown origin

Email Scam Alert

Fraudulent emails are going around recently. These emails ask customers to provide their banking information by different means such as account activation request or require of data verification so as to take further illicit operations.

To protect your benefits, please remember that Fubon Bank will never ask you for sensitive information, such as your account number, Username and Password by email.

When in doubt, please contact our Customer Service Hotline at 2566 8181.

Fake Call/ SMS/ Letter/ Fax Alert

The fraudsters may disguise as bank officials or police officers to collect your personal information through fake calls. They may also collect information through SMS messaging/ letters/ faxes or any other forms. For instance, they may pretend to be bank officials or police officers and send mass SMS/ letters/ faxes enquiring about your personal information, or send text messages through a lost or stolen mobile phone. You should never disclose your sensitive information (e.g. Password) to a third party and should safely keep your personal information.

Please contact our Customer Service Hotline at 2566 8181 if you are in doubt.

Customer’s Liability for Loss

  • If you find or believe your Internet Banking Password or device has been compromised, lost or stolen, or unauthorized transactions being conducted, please contact our 24-hour Lost Card Service Hotline at 2512 1131 to immediately terminate your Internet Banking Service. You will be liable for all losses if you fail to notify the Bank as soon as reasonably practicable
  • You may be held liable for all losses if you have acted fraudulently or with gross negligence, or failed to follow the securities guidelines

Disclosure for Customers using Fubon Internet Banking Service

What is WhatsApp Hijacking?

What is WhatsApp Hijacking?

Scammers will use deception to hijack victim’s account and address book on instant messaging programs such as WhatsApp, and then pretend as victim for requesting their friends and relatives to purchase game point cards on their behalf.

1. Obtaining verification code by deceit
Posing as the victim’s family or friends, scammers send victims messages asking them to relay the verification code of social media apps. Using the victim’s phone number to open a new account on instant messaging apps, scammers hijack the victim’s account.

2. Rob account
The scammers used the victim’s phone number to log in to his WhatsApp account, thereby robbing the victim’s account.

3. Obtaining game point cards by deceit
After successfully taking over the control of the victim’s account, scammers send messages to his/her family and friends, asking them to buy game point cards and send the game point card serial number to the scammers.

Anti-scam advice
  • Activate two-factor authentication for instant messaging apps
  • To keep your account secure, do not give the social media verification code of your instant messaging apps to anyone
  • If anyone you know asks you, through social media, to buy game point cards for them or transfer money, verify his/her identity first
  • When in doubt, call Anti-scam Helpline 18222
(By clicking above link, you will be leaving our bank's website and redirect to third party website where their terms of use and privacy policies will apply to you.)

Online Account Hijacking

What is Online Account Hijacking?

Instances of account hijacking date back to 2014. During this time, the instant messaging software LINE had a system vulnerability that exposed users’ accounts to hackers. These hackers were then able to deceive the victim's family and friends in their contact list into purchasing prepaid cards. The situation continued until around 2016, when the vulnerability was eventually resolved. In 2017, scammers began hijacking users’ WhatsApp accounts to trick people into purchasing prepaid cards using similar deception methods. Later, WhatsApp introduced the “two-step verification” (now known as “two-factor authentication”) feature. This feature has gradually improved the situation and made it harder for scammers to hijack accounts.

In August 2023, a new account hijacking method involving phishing messages emerged and later transformed into "search engine optimisation poisoning" attacks—these attacks primarily target WhatsApp accounts, with a few cases involving Telegram and other online platforms.

Trick 1: Phishing text messages
  • Scammers send phishing text messages with links to fake websites
  • The fake websites obtain the user’s phone number and request the platform to issue a registration code to the user
  • Scammers then get the registration code from the user
  • Scammers then use another device to log into the user’s account Scammers exploit excuses like bank transfers and loans to defraud users' family and friends

Trick 2: Search engine optimisation poisoning attack
  • Scammers create fake WhatsApp web login page
  • Scammers advertise using the keyword “WhatsApp” on search engines
  • When users enter the keyword “WhatsApp” in a search engine, the fake website will appear as the top ad
  • When users click on the top ad, they are taken to the fake website, where they scan a malicious QR code, allowing scammers to obtain their connection information
  • Scammers simultaneously log into users’ accounts through the online version of WhatsApp to deceive the users’ family and friends for money

Online account intrusions can have different causes. For instance, one may forget to log out of web-based messaging software after using a public computer, use malicious multi-account login tools, or have their electronic devices compromised by malicious software.

Scammers often use the excuse that online bank transfers exceed the limit and request contacts in the address book to help transfer money. They promise to repay the amount the following day, and the requested amount can vary from thousands to tens of thousands of dollars. Occasionally, there are also requests for large transfers.

Tips for avoiding online account hijacking:

  • Enable two-factor authentication
  • Regularly review the devices linked to your account and log out any unknown connected devices
  • Avoid disclosing passwords and verification codes casually or scanning QR codes without verifying
  • Set a strong password for your voicemail to prevent theft of voice one-time password
  • Avoid connecting to public Wi-Fi or logging into online accounts on public computers
  • Bookmark frequently used websites instead of relying solely on search engines for trustworthy results
  • Beware of any abnormalities in text messages and websites, such as misspelled domains or a mixture of traditional and simplified Chinese characters
  • If you receive a message from family or friend requesting help with bank transfers or remittances, always call to verify their identity and relevant request
  • If in doubt, use Scameter to assess for URLs, payment accounts, etc., or call 18222 for enquiries
Back to topTOP