The majority of online activity is done on personal devices. That includes browsing, communicating, posting on social media, as well as making financial transactions. That’s why we need to treat our mobiles with the same level of vigilance and cyber protection as we do with our computers.
How you can keep your mobile and laptop safe
- Download your applications from official app stores and check ratings to verify.
- Before doing any online transactions or sending personal information, make sure that the correct website has been accessed. Beware of bogus or "look alike" websites which are designed to trick you.
- Check if the website is secure by checking the Universal Resource Locators (URLs) which should begin with "https" and a closed padlock icon on the status bar in the browser is displayed. To confirm authenticity of the site, double-click on the lock icon to display a security certificate information of the site.
- Always enter the URL of the website directly into the web browser. Avoid being re-directed to the website, or hyperlink to it from a website that may not be as secure.
- Be wary of dubious third party aggregators. Do not disclose any information like your online banking credentials to third parties.
- Only use trusted Wi-Fi networks or service providers, not free public WiFi.
- Use security protection, at minimum, such as Wi-Fi Protected Access (WPA), if possible.
- If possible, use software that encrypts or scrambles the information when sending sensitive information or performing e-banking transactions online.
- Disable Bluetooth if you are not using it, or set your device so it is not discoverable.
Be cautious of using any free VPN
A "Virtual Private Network", or VPN, is a software that allows you to mask your computer's location or log on to sites as if your computer is based in another country or region. Be wary of security issues you might encounter when using free VPN.
Free VPNs have hidden dangers
- Malware hidden inside VPNs can steal your data, which can then be used to hijack your online accounts, steal your money (bank and credit card details), steal your digital goods or products, or lock or encrypt your devices in exchange for a payout (e.g. ransomware), and more.
- VPNs can also hijack your browser, redirecting it to other sites without your permission, which can further lead to fraud risk.
If you really want to use VPN, it's important to use a reputable VPN made by well-known providers or antivirus-software makers. Paid doesn't guarantee security but more often, the reputable VPN providers are more protective of your data. Check their ratings in terms of security and privacy.
Be vigilant if your mobile is suddenly out of signal
With more people using mobile devices to do banking, fraudsters have begun to use a technique known as a "SIM-swap".
The fraudster will call your mobile service provider claiming to be you, and ask for a replacement SIM card, saying that they lost your SIM or phone. If they are convincing, the mobile service provider will deactivate your SIM and will issue a new one to the fraudster, who then executes transactions that require OTP authorisations.
Things to look out for:
- Be alert and talk to your mobile provider immediately if you suddenly find you don't have network connectivity and are not receiving calls or text messages for unusually long periods.
- Be cautious of receiving unsolicited network services and don't surrender your SIM card to third parties claiming to be from your service provider. Contact your mobile network provider immediately for these attempts.
- It's also recommended that you don't switch off your phone if you're receiving numerous unknown calls. This could just be a ploy to make you turn off your phone so you don't notice a tampered network connection.
Maintain your device
- Install a personal firewall, the latest anti-virus and anti-spyware software on your phones, computers and tablets, and keep it updated. Even trusted phone brands that are known for having strong built-in protection against malware threats, can be at risk. When installing protection, always use a reputable brand from a mainstream supplier.
- Install updates and patches to your smartphone, computer and tablet regularly, including upgrades/updates to your operating system (OS) and web browser and other mobile applications in order to protect against weaknesses or vulnerabilities.
- Always check with an updated anti- virus program when downloading a program or opening an attachment to make sure it doesn't contain any virus.
- Install updated scanner softwares to detect and eliminate malicious programs capable of capturing personal or financial information online.
- Install apps on your phones or tablets from trusted sources only. Understand the permissions of mobile apps before you accept and install them. Never download any file or software from sites or sources, which are not familiar or hyperlinks sent by strangers. Opening such files could expose the system to a computer virus that could hijack personal information, including password or PIN.
- Don't use security loopholes to log on to Personal Internet Banking on jail-broken/rooted handsets or tablets. HSBC mobile apps do not run on jail-broken/rooted devices for your security.
- Set up auto-lock and passcode lock to prevent unauthorised access to your phones and tablets and enable remote wiping.
- Log-off from the internet banking site when computer is unattended, even if it is for a short while.
- Always remember to log-off when e-banking transactions have been completed.
- Clear the memory cache and transaction history after logging out from the website to remove account information. This would avoid incidents of the stored information being retrieved by unwanted parties.
- Don't store your username and password for HSBC Mobile Banking and other private services on your mobile handset or tablet.
- Avoid sharing your device with others and don't use other people's devices to log on to your private accounts.
- Some online services might request you to upload a scanned copy of your valid ID via their mobile apps. Protect your ID copy and treat it with the same caution as your physical ID card. Don't store your ID copy on your mobile device and don't share it with people you don't trust or know well. Don't scan your ID copy to any untrusted apps.
- If you have access to SMS service providers' app or portal, make sure to use complex passwords and change your password regularly to avoid fraudsters from intercepting your access and obtaining further sensitive details.
- Contact the Bank to talk about security concerns and remedies to any online e-services account issues.
- Refrain from doing mobile banking transactions in a place where you observe the presence of fraudsters trying to steal your confidential information by looking over your shoulder.
- If the phone is lost or stolen, report the incident immediately to your network provider so they can deactivate your SIM card. If bank details have been compromised, report it to us immediately.