You're about to leave our website

This hyperlink will bring to you to another website on the Internet, which is published and operated by a third party which is not owned, controlled or affiliated with or in any way related to Standard Chartered Bank (Hong Kong) Limited or any member of Standard Chartered Group ( the "Bank").

The hyperlink is provided for your convenience and presented for information purposes only. The provision of the hyperlink does not constitute endorsement, recommendation, approval, warranty or representation, express or implied, by the Bank of any third party or the hypertext link, product, service or information contained or available therein.

The Bank does not have any control (editorial or otherwise) over the linked third party website and is not in any way responsible for the contents available therein. You use or follow this link at your own risk. To the extent permissible by law, the Bank shall not be responsible for any damage or losses incurred or suffered by you arising out of or in connection with your use of the link.

Please be mindful that when you click on the link and open a new window in your browser, you will be subject to the terms of use and privacy policies of the third party website that you are going to visit.


Proceed to third party website

Stay safe when you bank online

Person, Human, Art

Stay safe when you bank online

Banking with peace of mind

Be a smart digital user! While you are enjoying the convenience of banking online, you also need to be careful and adopt good security habits to protect your bank accounts and information.

Security Alert:

There is a rising number of scammers impersonating police officers, couriers, staff from Department of Health, MPF intermediaries, or an online shopping site. Stay vigilant and safeguard yourself from these scams as scammers can use the information you provide to them to make unauthorised transactions on your credit/debit cards or bank accounts. Click here to visit Anti-Deception Coordination Centre’s website to learn more about the latest scam alerts.

Important Note:

After SC Mobile Key registration or re-registration and initiating identified high risk instructions (e.g. add new payee, fund / payment transfer, increase transfer limit, etc), your Digital Banking account may be suspended due to security reason. Please call our hotline 2886-8862 for identity verification. The bank will re-activate your Digital Banking account after verification, and you could re-initiate the instruction thereafter.

Watch out for cybercriminal! Here are the recent SMS Phishing attacks:

Would you tap the link right away to check about your bank services?

The above Phishing SMS messages make you feel suspicious and confused, which induce you to reply via hyperlinks. Never reply or click on any link in this type of SMS message. Clicking on the link or replying to this message could:

  1. Lead you to a fake website asking you to input personal information, e.g. bank account credentials.
  2. Download malicious software (malware) to your phone. This malware might appear to be a legitimate app, which then prompts you to input personal information and send it to cybercriminals.
Five common characteristics of phishing messages:
  1. The name of the addressee is not specified (i.e. an undisclosed recipient).
  2. The name and email address of the sender may be exactly the same as the genuine information of the related bank.
  3. The email usually appears as an important notification from the bank (e.g. “Notification for a huge amount of fund transfer in the customer’s account” or “Request the customer to activate a new security function, otherwise, a specific banking service (such as fund transfer service) will be suspended”). The customer will be requested to click the hyperlink or open an attachment in the email.
  4. The email normally carries a hyperlink which looks like a genuine website address of the bank. However, when mouse-over the hyperlink, you will notice that the actual hyperlink embedded is another URL.
  5. Grammatical mistakes or typos may be found in the email.
Person, Human, Text

The Bank will not send SMS or email messages with embedded hyperlinks directing customers to our websites or mobile applications to carry out transactions. Nor will we ask customers to provide sensitive personal information, including login passwords and OTPs, via hyperlinks.

For more information, you may read the smart tips on the Hong Kong Monetary Authority (HKMA) website or watch the video from HKMA.

Tips for a safer Digital Banking experience

Update your apps and remember to log out

Always ensure your password is secure

Be aware and never share

Hk priority tab

Update your apps and remember to log out

  • Our tips for you:
      • Start by regularly updating the apps and anti-virus software on your mobile phones, tablets and laptops.
      • Only download the SC Mobile App through the 4 authorised channels found here – never from third-party sites.
      • When making a transaction, remember to double check the details before you press the submit button.
      • Always log out of the SC Mobile app or Online Banking session after use and never leave it running in the background.
Hk priority tab

Always ensure your password is secure

  • Our tips for you:
      • Tips for you to protect your PIN/password (such as digital account username/password, SC Mobile Key 6 digit PIN, etc.)
      • When inputting your PIN/password for the use of Standard Chartered Banking services safeguard them by keeping them away from prying eyes.
      • Never share or allow anyone to use your PIN/password or One-time Passwords (OTPs).
      • Do not write down / store your PIN/password on or near any of your devices / bank issued cards used for accessing Standard Chartered Banking services.
      • You should only write down / store PIN/password when absolutely necessary and ensure they are properly disguised.
      • Ensure your PIN/password are unique from your other secret codes.
Hk priority tab

Be aware and never share

  • Our tips for you:
      • Be careful about sharing personal information like your full name, date of birth, address, mobile or phone number. These details could be used to steal your identity.
      • Never respond to unsolicited emails, phone calls or texts. Scammers are clever at impersonating someone you trust, such as a police officer or a Bank representative.
      • Beware of payment or fund transfer requests from people you don’t know. If you are unsure, speak to someone you trust or contact us before making any payment or cash transfer.
      • Watch out for unauthorized cash deposits or withdrawals on your account, they could be fraudulent transactions.
      • If you receive a suspicious email, text or phone call allegedly from the Bank, please check the identity of the sender or caller with us immediately.

Don’t be a victim of cyber crimes and threats!

Phishing

What is phishing?

Phishing is a cyber crime where fraudsters try to obtain your personal information by email, messaging apps, SMS (also known as smishing) or phone (also known as vishing). This information can be used for identity theft, payment scams and credit card fraud as well as many other forms of cybercrime. Malicious links or attachments are often included in phishing and vishing messages, designed to steal your information or infect your system with malware (malicious software).

How can I spot if it is phishing?

  • Fake messages allegedly from the bank – Fraudsters can send you fake bank account statements, overdraft notices or loan cancellations. They may include our logo or even mimic our electronic mailers.
  • Your private information at risk – Fraudsters may ask you for your Digital Banking login credentials, one-time password or credit card number, by creating a webpage that looks like the official Online or Mobile Banking login pages or asking you sensitive questions. Malicious links or attachments are often included, designed to steal your information or infect your system.
  • Fake and unexpected prizes – Beware of unexpected prizes in fake lucky draws allegedly from us. Fraudsters may demand a token sum from you or insist you reveal your personal information in order to win.
  • Fake bank staff – Fraudsters may identify themselves as bank staff and ask you to provide personal particulars and financial information, or even perform transactions in the call.

Our top safety tips for you

  • Authenticate the identity of the caller or sender.
  • Look carefully at the sender’s address for lookalike domains (e.g. john@standardchartd.com), and never respond to, click on hyperlinks or download attachments in unsolicited emails, messages or phone calls.
  • Avoid simply relying on the incoming call display to establish the true identity of the caller or directly calling the bank hotline numbers provided in the messages and following the given instructions.
  • We would never ask you to provide your private information (e.g. your account and credit card numbers) and you should never reveal these details to anyone.
  • We would not include hyperlinks in our communications (e.g. SMS or email) requesting you to log in to Online or Mobile Banking. If you need to change your Digital Banking password, visit our Online Banking login webpage. Our official domains include sc.com, m.sc.com and retail.sc.com.
  • For mobile banking, update your SC Mobile app and phone’s OS regularly to ensure your security is always up to date.
  • We do not provide advice and recommendations on individual stocks through any communication channels, including phone calls and instant messaging apps (e.g. Whatsapp and WeChat). Be aware of possible ramp-and-dump scam.
  • We will send you an alert via SMS or email upon completion of each “card-not-present” credit card transaction. Please check upon receipt, and notify us immediately if there is any transaction in doubt.
  • Ensure your contact details registered with the bank (e.g. phone number, email address) are correct and up to date as we provide our clients with the latest updates on cybercrime.
  • Watch out for any message which pleads for assistance, invokes a sense of fear, urgency or curiosity, it might be a SMS phishing attempt to steal your personal information or commit fraud.
  • Watch out for any message scams asking you to click on a link or reply to reactivate an account, claim a prize won in a competition or collect a refund.
  • Many of the bank’s notifications* have been migrated to in-app push notifications in the SC Mobile app, so you can get notified via a secure channel.
  • Should you have any doubt about the identity of caller or the validity of the number they are using to contact you, please call our official hotline at (852) 2886-8868 for verification.

Back to top>>

Weak passwords

Why do I need a strong password?

Cyber criminals comb the internet and social media to find your personal information. So ensure you have a strong password to deter them. Weak passwords are uncomplicated and commonly used, for instance 12345678, or associated with your personal data, such as names or birthdays. As a matter of fact, it only takes a fraction of a millisecond to crack an uncomplicated 7-character password1.

How you can secure your personal information

  • Do not use the same password for multiple sites or accounts. Ensure the password used for your Standard Chartered banking account is unique from your online and social networking accounts.
  • Keep all passwords safe and confidential. Standard Chartered may verify the number of accounts you have, but we will never request your login credentials, whether by phone, email or text.
  • Strengthen your password by using a combination of upper and lower case characters, numbers and special characters. Likewise, a 12-character password is significantly stronger than 7 characters.
  • Memorise your banking password. Never write it down or store it on your devices. Additionally, make it a point to update your password regularly. Change the password immediately if you think it has been compromised.

1Web of Trust, Here’s How Long It Takes to Crack Your Password

Back to top>>

Mobile device threats

Why you need to secure your mobile device

Mobile devices are not immune to security threats. Installing a malicious app or clicking on a phishing link, for example, can provide cyber criminals with a back door to your mobile device and sensitive data.

Bank safely with us

Protect your phone and banking information by following these tips.

  • Download SC Mobile App from Google Play or the App Store or here. Never download the app from third-party or unknown sites.
  • Always log out from SC Mobile App after use, and never leave it running in the background especially after you have signed in.
  • Do not store your passwords, access codes or account numbers on your mobile phone. Cyber criminals can steal this information if your device is hacked or stolen.
  • Never use a ‘jailbroken’ (iOS) or ‘rooted’ (Android) device for your banking transactions. They make it easier for hackers to access and manipulate your phone’s operating system.
  • Malicious links or attachments in phishing messages are designed to steal your banking details or infect your mobile device. Never click on hyperlinks or download attachments in unsolicited emails or texts.
  • Ensure your phone’s operating system is updated regularly to fix any security gaps. Cyber criminals can exploit any software vulnerabilities to access your phone without your knowledge.

Back to top>>

Malware

What is malware?

Short for ‘malicious software’, malware is an intrusive programme installed on your computer or smartphone, often without your knowledge or permission. Once installed, it enables cyber criminals to commit fraud, like steal your banking credentials, run payment scams or hijack your system for a ransom.

Understand the common types of malware

  • Virus: infects files and software, and spreads to other computers in the network
  • Spyware: spies on your online activities and collects your information
  • Ransomware: encrypts information and keeps it from you, in exchange for money
  • Trojan: disguises itself as a legitimate software to modify, destroy or steal

Bank safely with us

Malware can come from various sources, like fake Standard Chartered assets; including websites or emails with attachments containing malware. You can protect yourself from malware by taking these precautions.

  • Never download files (including email attachments) without verifying that they are from a legitimate source. To access our banking services or resources, visit our website at https://www.sc.com/hk/.
  • Delete junk and chain emails. If you have opened one, do not click on any links or download any attachments. To change your Online Banking password, use our Online Banking login webpage. Never change it via any email links.
  • Install anti-virus and anti-malware protection on your devices. Enable the ‘automatic updates’ feature to ensure the software is able to detect and remove newer malware.
  • Never connect to unknown and unsecure Wi-Fi networks when carrying out online banking. If you are using your home network, ensure your router is secured.

Back to top>>

Social media threats

Security risks on social media

Cyber criminals often use social networks to gather your personal information. This helps them craft convincing phishing texts or emails, designed to steal your identity or takeover your social and banking accounts.

Practice safe social networking

  • Be mindful of what you are sharing online as some of this information can be used to steal your identity. This includes your date of birth, address or phone number.
  • Beware of cyber criminals who use a fake identity to start a relationship with you, this is known as catfishing. Their aim is to scam you of your money once they have earned your trust. Tell-tale signs include a reluctance to meet up in person or a lack of friends on their social networking account.
  • Keep potential fraud and spam out of your regular email inbox by creating a separate email account for social networking purposes. Never click on hyperlinks or download attachments in unsolicited emails.
  • Further protect your account by using a unique password for each of your social networking profiles. Ensure it doesn’t match the password used for your Standard Chartered bank account.
  • Keep your social networking accounts private and restrict them to friends and family only. This makes it harder for cyber criminals to monitor your online activities on these platforms.

Back to top>>

Telephone Deception

Beware of “Guess-Who-I-AM” phone scam

Standard Chartered Bank would like to remind our clients to stay alert towards “Guess-Who-I-AM” phone scam.

For more information, you may watch the video from ADCC.

Suspected Scam / “High Risk”? Check it out with “Scameter”!

Click HERE to visit Scameter website of the Hong Kong Police Force.

As there is an increasing trend of fraud cases related to payments, remember to double check the transaction details and the payee is trustworthy before you proceed with the transaction.

If you have any doubt with the payee details,  or receive the alert message flagging the payee’s information as “High Risk” when making the transaction instruction, you can visit the Scameter website of the Hong Kong Police Force to learn more.

Scameter is the one-stop search engine provided by the Police Force to help the public identify frauds and online pitfalls. When you encounter suspicious calls, online sellers, friend requests, job ads, investment websites, etc., you can enter the platform account name or number, payment account, phone number, email address, URL, etc. to assess the risk of fraud and cyber security.

Looks suspicious? Make sure you reach out to us!

Credit / ATM card PIN

If you suspect your Credit / ATM card PIN has been compromised, you can login to Online Banking or SC Mobile App to deactivate your Credit / ATM card.

 

Credit / ATM card transaction

If you do not recognize or feel suspicious about a Credit Card transaction, you can login to Online Banking or SC Mobile App to submit transaction dispute.

 

If you do not recognize or feel suspicious about a ATM Card transaction, you can visit here to submit transaction dispute.

 

Online Banking / SC Mobile App account / Online Securities Trading / SC Equities

If you suspect your Online Banking / SC Mobile App account / Online Securities Trading / SC Equities account credential (including username and/or password) have been compromised, you may call (852)2886-8862 to suspend your digital banking account.

When you think your account is safe or recovered, please call our hotline (852)2886-8868 to unlock it.

 

For any other doubt, please contact us immediately at (852)2886-8868 or visit any of our branches.

 

Remember, Standard Chartered will neither never request for your password or security information by phone call, email or SMS., nor do we notify anyone of account irregularities through pre-recorded voice messages. Also, we would not include hyperlinks in our communications (e.g. SMS or email) requesting you to log in to Online or Mobile Banking.