Get complete control of your accounts and manage your finances anytime, anywhere.

General Computer Security Information

One-Time Mandatory Change of Online Banking Login ID and Password Learn More.

Is it safe to shop and bank online?

The decision to bank or shop online is an individual choice, however, provided you take a few sensible precautions like using Anti-virus software, and shopping from reputable sites - it is safe. Adjust the security settings on your browser to protect you to the level you require. Don't give out personal information in chat-rooms or if you are not sure who is receiving the information.

How do I know if my PC is safe?

If you have anti-virus software on your PC (and keep it up to date), and are sensible about opening email attachments, and have the file sharing option on your operating system turned off (unless you need it for use in an office or home network) then your PC is reasonably safe. Try not to leave the PC connected to the Internet when it is not in use. You should also consider installing a firewall, this is particularly important if you have a permanent connection e.g. broadband access. As a further measure, make sure you keep back up copies of anything important on floppy disk, CD-ROM or another storage device then if you do fall victim to a virus or your computer breaks down you can still retrieve your data.

Standard Chartered Bank does not have policy to send emails with attached link asking you to update your information.

Is my computer safe if I am not connected to the Internet?

Yes, although there are still risks from viruses on floppy disks, CD-ROMs or portable hard disks if you are not connected to the Internet and of course your computer may break down or be stolen.

How do I know if a website is genuine?

Just as anyone can insert an advertisement in a newspaper, so anyone can set up a website. Check for contact details on the site (a postal address, not just an email address). Internet addresses have to be properly registered so most organisations have registered their own names as site names. However, this cannot always be guaranteed, particularly for all available suffixes, so if you are in any doubt it is advisable to check for physical address details. A browser lets you access the information on the Internet. Common browsers include Microsoft Internet Explorer, Netscape Navigator and Mozilla Firefox. A secure web browser supports the technical security protocols (standards) used by some sites, such as Internet Banking, to prevent unauthorized people from seeing information sent to or from the sites. You can tell when this is happening by the appearance of a padlock symbol at the bottom of the browser window. Double clicking this symbol will show a 'digital certificate' (also known as a SSL certificate) confirming the authenticity of the site.

What is Spam Email?

Spam is the slang term for unsolicited email. The practice of sending unsolicited bulk email ("spam") is an increasing problem on the Internet and it provides criminals with a way of reaching Internet anywhere in the world, no matter where they are located themselves. In order to reduce the amount of spam that you receive, you should be careful about disclosing your e-mail address and consider taking some of the measures below to protect yourself from spam.

Individuals behind these mass mailings, 'Spammers' collect addresses from a number of sources including websites or newsgroups/forums where they are displayed in full and buying address lists from websites where people have signed up for free offers or ordered something online. They also employ more malicious means such as using mass mailing viruses and worms, as well as dictionary-based attacks on popular domains.

7 ways to reduce spam:
  • Only share your main e-mail address with people you know.
  • Use an email programme that includes spam filters, an anti-spam product, or a service that scans your email for spam automatically.
  • Don't list your e-mail address in full on any websites, newsgroups or forums.
  • Disguise your e-mail address on websites, newsgroup posts, chat rooms, or bulletin boards. You can display your address on your website as an image (without using the mailto attributes), on your website insert an image in place of the @ sign, write it as your.name at my-isp.com, insert zeros instead of "o" (y0ur.name@my-isp.c0m), or insert additional words (your.name@my-ispREMOVE-THIS.com). By doing this you will still make it possible for other people to read your address, but prevent the automated programs that spammers use from harvesting your email address.
  • Make sure that you opt out of marketing offers allowing your address to be sold to third parties when registering or buying products or services.
  • NEVER reply to spam emails or attempt to use the "remove me" link as this will confirm that your address is live and you will receive more spam.
  • Don't open or preview spam messages as this may enable them to validate that the message has been opened.

10 General Computer Security Tips

One-Time Mandatory Change of Online Banking Login ID and Password Learn More.

Use antivirus and Spyware software

Make sure you have Anti-virus software on your computer! Anti-virus software is designed to protect you and your computer against known viruses but with new viruses emerging daily, Anti-virus programs need regular updates to recognise these new viruses. It is important to update your Anti-virus software regularly - the more often you keep it updated, the better - you should consider updating the software at least once a week. If you use your computer and receive a lot of emails, then updates should be made more frequently. You should also consider using software to detect Spyware. Spyware is malicious software (malware) that is downloaded onto your computer (often without your knowledge). It can be used by third parties and criminals to monitor your Internet activities which could compromise the security of your personal information. As with Anti-virus software you should check your system regularly for Spyware at least once a week.

How do I know if my PC is safe?

If you receive a suspicious email, especially from a sender you do not recognise, the best thing to do is to delete the entire message, including any attachment. . If you are determined to open a file from an unknown source, save it first and run your virus checker on that file. If the mail appears to be from someone you know, still treat it with caution if it has a suspicious subject line (e.g. "I love you" or "Anna Kournikova") or if it otherwise seems suspicious (e.g., it was sent in the middle of the night). Also be wary if you receive multiple copies of the same message from either known or unknown sources. Finally, remember that even friends and family may accidentally send you a virus or the e-mail may have been sent from their machines without their knowledge. This was the case with the "I Love You" virus that spread to millions of people in 2001.

Protect from Internet intruders

You should equip your computer with a firewall! Firewalls create a protective wall between your computer and the outside world. They come in two forms, software firewalls that run on your personal computer and hardware firewalls that protect a number of computers at the same time. They work by filtering out unauthorized or potentially dangerous types of data from the Internet, while still allowing other data to reach your computer. Firewalls also ensure that unauthorized persons can't gain access to your computer while you're connected to the Internet.

Download security updates from operating systems and other software such as web browsers

Most major software companies today release updates and patches to close newly discovered vulnerabilities in their software. Sometimes security flaws are discovered in a program that may allow a criminal hacker to attack and or control your computer. Before most of these attacks occur, the software companies or vendors create free patches for you that are posted on websites for download and installation by their customers. It is important to check your software vendors' websites regularly for new security patches or use the automated patching features that some companies offer such as Microsoft and Apple for their respective operating systems.

Password security

The most secure passwords are those that contain a mix of upper and lower case characters as well as numbers and characters. You should also try and create a password that is around 8 characters long. Ultimately passwords will only keep someone out if they are difficult to guess! As with your PIN number and other private information it is important not to share your password. Try not to use the same password in more than one place. If someone should happen to guess one of your passwords, you don't want them to be able to use it in other places.

Simple Password 123

  • A password should have a minimum of 8 characters, be as meaningless as possible, and use uppercase letters, lowercase letters, symbols and numbers, e.g., K2v$7Ta8.
  • Change passwords regularly, at least every 90 days.
  • Do not give out your password to anyone!
Backup your computer regularly

It is important to be prepared for the worst case scenarios, losing your information through a virus attack. Try and back up small amounts of data on floppy disks and larger amounts on CDs. If you have access to a network, consider saving copies of your data on another computer within the network. Many people make weekly backups of all their important data. It's also important to retain and store safely your original software start-up disks. Keep them handy and available in the event your computer system files get damaged.

Limit sharing - don't allow access to strangers

If you or a member of your family downloads files from the Internet via file-sharing networks, such as Kazaa, your computer operating system may allow other computers to access the hard-drive of your computer in order to "share files". This ability to share files can be used to infect your computer with a virus or allow someone to look at the files on your computer if you don't pay close attention. It is advisable therefore, unless you really need this ability, to make sure you turn off file-sharing. Check your operating system and other program help files to learn how to disable file sharing.

Disconnect from the Internet when not in use

Disconnecting your computer from the Internet when you're not online lessens the chance that someone will be able to access your computer. And if you haven't kept your Anti-virus software up-to-date, or don't have a firewall in place, someone could infect your computer or use it to harm someone else on the Internet.

Check security settings regularly

The software and operating system on your computer have many valuable features that make your life easier, but can also leave you vulnerable to hackers and viruses. You should evaluate your computer security regularly. You should look at the settings on applications that you have on your computer. Your browser software, for example, typically has a security setting in its preferences area. Check what settings you have and make sure you have the security level appropriate for you.

How to adjust Security Settings in Internet Explorer

In the main browser window, select 'Tools' and then 'Internet Options'. When you do this a further pop-up window will open, select the second tab named 'Security', then select 'Custom Level' - from there you can choose an appropriate level to meet your individual needs.

Educate your family and other users of the computer about basic security

It is important that everyone who uses your computer is aware of proper security practices. All users of the same computer should know how to update the virus protection software, how to download and install security patches from software vendors and how to create a proper password. It only takes one user mistake to infect a computer !

The Reality of Online Threats

Suspicious email
Types of emails that are suspicious

Such emails include advance fee fraud and variants including lottery scams, employment scams and fund transfers. An advance fee fraud is a trick in which the target is persuaded to advance relatively small sums of money in the hope of realising a much larger gain. Typically, such scams begin with a letter-form email sent to many target recipients making an offer that will purportedly result in a large payoff for the intended victim. The stories behind the offers vary, but the standard plot is that a person or government entity is in possession of a large amount of money or gold. This person (who are fictional or characters impersonated by the scammer), for various reasons, is either unable to access the wealth directly or is no longer in need of it. The target recipients are promised a large share of the money or gold if they will assist the scammer in retrieving the money from holding and/or dispensing of it.

The lottery scam involves fake notices of lottery wins. The winner will usually be asked to send sensitive information to a free email account. The scammer will then notify the victim that in order to release the funds, some small fee (insurance, registration, shipping etc.) is required. Once the fee has been sent, the scammer will invent another fee and attempt to collect it.

The employment scam usually involves emails offering employment opportunities with extremely attractive terms and conditions. Generally, after the applicants have been "accepted", they will be asked to pay a fee either to process a visa or as a deposit on accommodation. (Source: Wikipedia) In general, caution should be exercised when the email asks for your confidential information or login details, or directs you to a webpage that asks for such information.

How to spot a suspicious email

Typically, a suspicious email does not address the recipient personally. There may be spelling / grammatical errors in the email. As set out above, such email usually request for personal information. Further, the email address of the author of the email and return email addresses provided in the text of the email (e.g. xxx@standardchabnk.com) and the use of webmail are additional indicators that an email may be suspicious.

What to do in the event you receive a suspicious email

If you do receive suspicious emails, do not respond or provide any information. In addition, do not click on any link contained in the email or provide any Internet or telephone banking login details. Please contact Standard Chartered by forwarding the suspicious email (with full email headers) and all attachments to group.webmaster@standardchartered.com.

As email programmes often display abbreviated headers (e.g. "Mr. X" instead of the actual email address, xxx@yahoo.com), please obtain the full email headers which sets out the specific route the message took. For more information on how to obtain the full email headers, you may wish to visit http://www.haltabuse.org/help/headers/index.shtml.

Vishing
What is Vishing?

Vishing is the term given to the practice of leveraging Voice over Internet Protocol (VoIP) technology to trick people into providing personal and financial details over the phone for financial reward, by pretending to represent real companies such as banks, which the fraudster then uses to achieve some financial gain. The term is a combination of "voice" and phishing. A "visher" is a person who perpetrates a Vishing attack.

Vishing exploits the public's trust of landline telephone services. Traditional land line services end in a physical location which is known to the telephone company, and is associated with a bill payer. With the advent of VoIP, telephone services may now terminate in computers, which make illegal acts easier to achieve than with traditional "dumb" telephony endpoints. (Source: Wikipedia)

A typical Vishing attack could follow a sequence such as described below:

  • The fraudster sets up an automatic dialler which uses a modem to call all the phone numbers in a given region.
  • When the phone is answered, an automated recording is played to alert the customer that his/her credit card has had illegal activity and the customer should call the recorded phone number immediately. The phone number could be a toll free number often with a caller identifier that makes it appear that they are calling from the financial company they are pretending to represent. Net phone technology makes it easy to fake the number someone is calling from.
  • When the customer calls the number, it is answered by a computer generated voice that tells the customer they have reached 'account verification' and instructs the consumer to enter their 16-digit credit card number on the key pad.
  • Once the customer enters their credit card number, the "visher" has all of the information necessary to place fraudulent charges on the consumer's card. Those responding are also asked for the security number found on the rear of the card.
  • The call can then be used to obtain additional details such as security PIN, expiry date, date of birth, bank account number, etc.
How to avoid becoming a victim of Vishing

Take steps to protect your personal information and bank account. If you are called by a so-called "Bank" or an organisation purporting to be a "Bank", be aware of the following:

  • Legitimate banks would have knowledge of some of your personal details. Be suspicious of any call that appears to be ignorant of basic personal details like first and last name (although it is unsafe to rely on this alone as a sign that the call is legitimate). If you receive such a call, report it to your bank.
  • Do not call and leave any personal or account details on any telephone system that you are directed to by a telephone message or from a telephone number provided in a phone message, an email or an SMS especially if it is regarding possible security issues with your credit card or bank account. When a telephone number is given, you should first call the phone number on the back of your credit card or on your bank statement to verify if the number given is actually an office number of the bank.
  • Make sure you call your bank or the company that is the subject of the call to check that the call is legitimate before disclosing any personal information.
Who are the intended victims?

Vishing calls are indiscriminate and randomly target people. The fraudsters are cunning and they may not know your real name nor any other real information about you but they will try to convince you to provide your account details. Because it is unlikely they know your name they tend to address their victims in vague terms, like "sir" or "madam".

What to do in the event you receive a Vishing call:

If you do receive a suspicious call/email/phone message, please contact Standard Chartered Bank by using the contact number on your statement or on the back of your bank card.

You can also report the incident directly to your regional organisation who are set up to combat electronic incidents including fraudster acts such as vishing.

Important points to remember
  • Standard Chartered Bank will never randomly call you requesting that you provide personal details including your PIN over the phone.
  • If you receive a suspicious call, report it by contacting Standard Chartered Bank on the number provided on your statement or on the back of your bank card.
  • If you have disclosed information verbally or via your phone key pad, immediately contact Standard Chartered Bank as above and the police.
Phishing
What is Phishing?

Phishing is the term given to the criminal practice of sending random emails purporting to come from genuine companies such as banks and ecommerce organisations. The emails try to convince customers of those companies to disclose personal information on fake websites operated by criminals. The emails often contain emotive messages and claim that it is necessary to "validate" or "update" customer account information. The emails contain instructions to click on a link within the email which takes the recipient of the email to the fake website. Here all information entered is collected by the criminals. Information captured through Phishing may be used to perpetrate different criminal acts. Your funds may be stolen and used to finance other criminal activities such as human trafficking, drugs and prostitution and your identity may be cloned and other criminal acts undertaken in your name.

How to avoid becoming a victim of Phishing?

It is important to remain vigilant and be suspicious of all unsolicited or unexpected emails you receive, even if they appear to originate from a trusted source such as Standard Chartered Bank. It is important to remember that Standard Chartered Bank will never ask you to reconfirm any personal information by clicking on a link in an email and visiting a website.

The structure of a Phishing email - Who is the email from?

The structure of the Internet makes it relatively simple for criminals to create fake entries in the "From:" box of an email. This means that Phishing emails often look like they come from a real bank email address. Phishing e-mails often look like they come from a real bank e-mail address.

It is important to remember that the email address you see in the "From" field may not be from the person or organisation that it claims. The message is also likely to contain odd "spe11ings" or cApitALs in the "Subject:" box - this is designed to bypass spam filter software and increase their chances of delivery to a potential victim.

The structure of a Phishing email - Who are the intended victims?

Phishing emails are sent out randomly using bulk email lists. The criminals are cunning and whilst they may not know your real name or indeed anything else about you they will try to convince you to provide your account details. Because it is unlikely they know your name they tend to address their victims in vague terms such as "Dear Customer". The email may well include grammatical and spelling errors as it is likely that English is not their first language.

Some emails may also contain a login form directly in the body of the email to add authenticity to the scam.

Fake hyperlinks

As with forging email addresses in the 'From' box, it is also very simple to hide a hyperlink's true destination. This means that the link displayed in an email and anything which shows up in the status bar at the bottom of your email programme can be faked.

The Structure of a Phishing website - The URL

The criminals are clever and use a number of techniques to hide the true location of a fake website in the address bar. The website address may begin with the genuine site's domain name (eg: online-banking.standardchartered.com.hk), but unfortunately that is no guarantee that it points to the real site. Other techniques may include using addresses made up of numbers (IP addresses), registering a similar domain name, or even inserting an image of the real address into the browser window. To add credibility to their fake sites, many criminals create direct links from their pages to the genuine website.

The Structure of a Phishing website - Pop-up windows

Another technique involves loading a genuine website into your web browser and then creating a fake 'pop-up' window over the top of it. Again this technique is employed by criminals to add credibility to the scam. When used you can see the real website in the background, however any information you type into the pop-up window will be captured by the criminals and used for their criminal purposes.

It is important to remember that you should always access your online banking account, by typing the address into a new window.

What to do in the event you receive a Phishing email:

If you do receive a suspicious email, please contact Standard Chartered Bank by forwarding the suspect email to group.webmaster@standardchartered.com.

You can also report the incident directly to your regional organisation who designed to combat electronic incidents including criminal acts such as Phishing.

Important points to remember
  • Standard Chartered Bank will never send you an email requesting for you to "verify" or "update" your password or any personal information by clicking on hyperlink and visiting a website.
  • Be cautious about all unsolicited emails and never click on hyperlinks from these emails and provide personal information.
  • To connect to Internet banking, open your web browser and type the address in yourself (http://online-banking.standardcharted.com.hk).
  • If you are in any doubt about the validity of an email, or if you believe that you may have disclosed information on a fake website, contact Standard Chartered Bank by sending an email to group.webmaster@standardchartered.com.
Trojan Horses
What is a Trojan horse?

Trojans are a type of computer virus and their name is derived from the term 'Trojan Horse' from Greek mythology. They can be downloaded and installed on a computer without the computer owner's knowledge. Trojans are capable of performing sophisticated tasks; some variants can install a "keystroke logger", which will capture all keystrokes entered into a computer by a keyboard, others are designed to capture specific information entered at specific websites such as banks or ecommerce stores, either by keystroke logging or taking screen shots. As with Phishing, the information is then sent to the criminals over the Internet, however this time directly by your computer.

Criminals typically send out random emails containing emotive or intriguing messages in an attempt to lure people to click on a hyperlink contained in the email and visit a malicious website. These websites may contain Latent vulnerabilities various web browsers are exploited to download and install the specific Trojan.

It is important to remember to be cautious if you receive unsolicited emails from unknown sources and never click on hyperlinks in emails to visit unknown websites.

How can I prevent installing a Trojan?

At present Trojans take advantage of vulnerabilities in web browsers. It is strongly advisable that you ensure your operating system and web browser remain patched with the latest version or security updates as issued by the vendor. Many of the patches are designed to prevent criminals from exploiting vulnerabilities in current software versions. It may also be worth reviewing your current choice of browser to one less popular as many of the Trojans are created to exploit vulnerabilities in the most popular browsers.

Using simple PC security routines such as ensuring you use up to date Antivirus software, installing a personal firewall (software or hardware based) and taking advantage of the latest security updates for your browser and operating system software will help to prevent infection by Trojans.

Important points to remember
  • Be cautious about all unsolicited email (especially those from unknown senders) and never click on hyperlinks from these emails to visit unknown websites.
  • Install and keep updated Anti-virus software and run regular scans (once a week as a minimum).
  • Install and use a personal firewall (hardware or software based).
  • Install the latest security updates, for your browser and operating system.
  • Some criminals use emails to trigger the download and installation of Trojans when your email programme uses HTML (Hypertext Markup Language) to display the message - HTML settings allow you to view images in your emails. It is always safer to open all your emails in 'plain text' format.
Suspicious emails

In addition to targeted emails requesting bank account details, the criminals behind Trojan emails often use emotive or intriguing subjects such as ('Typhoon Warning' or 'Your ISP account is expiring) to lure people into clicking a hyperlink from the email to visit an unknown website. By employing a good anti-spam filter you should be able to significantly lessen the chances of receiving Trojan related emails.

Malicious Websites

These websites try to harm your computer by installing malicious programmes (malware) such as viruses, Trojans or Spyware. The websites themselves can appear to be completely benign as they install the malware in the background although you might notice your computer running slower than normal or you might notice your Internet connection is very busy.

Mule Operations
What are mules?

As the criminals behind these frauds are mainly located overseas they attempt to recruit "mules" or "money transfer agents" to launder the funds obtained as a result of phishing and Trojan crimes. Following recruitment the criminals transfer money from the stolen accounts to the mules and they in turn withdraw the money and make overseas payments normally using wire transfer services minus commission as payment.

The criminals recruit mules through a variety of methods including spam emails, by placing adverts on genuine recruitment sites and in newspapers. They have also been known to have approached people directly who have placed their CV's online.

Typically the criminals create fake companies or charities which they use to recruit for positions such as "shipping manager", "financial manager" or "donations manager". The offers give people the chance to earn money easily for a few hours work each week. The only requirements are usually that you have a bank account (often from a specific list) and a private Internet connection.

How to avoid becoming involved in a scam

As with Phishing and Trojans, be wary of any unsolicited job offers or too good to be true offers. You should be particularly cautious of offers from companies or individuals located overseas, as it is harder to verify who they really are. You should make all reasonable effort to verify any company which makes you a job offer. This should include checking with the appropriate chamber of commerce or government office for corporate registrations or charity registrations. A simple search on Google with the company name or email address may also reveal whether the company is known to be a criminal front.

It is important to remember that by simply allowing someone to use your bank account to launder the proceeds of Phishing or Trojan activity you will be committing a criminal act. Mules are also the easiest part of the criminal organisation to identify.

Mule recruitment campaigns

The adverts and offers may take a number of different forms. Criminals may copy a genuine company's or charities website and register a similar domain names to increase its legitimacy. There are common threads to the adverts; most will claim to be overseas companies or charities seeking representatives or agents to act on their behalf. You may find that the advert is written in poor English with simple grammatical and spelling errors.

How to report a mule scam

If you believe you may have disclosed your bank account details or received funds into your account as part of what you now believe may be mule activity, you should contact us at group.webmaster@standardchartered.com.

Important Points to remember
  • Exercise caution if you receive unsolicited offers or opportunities for work, especially if the company is based overseas.
  • Attempt to verify the details of any organisation you are actively considering dealing with (including searching on the Internet for their name and reputation).
  • Never give your bank account details to someone you don't know or trust.
  • Contact at your local enforcement authority if you believe you may have become involved in or are a victim of mule activity.

Call Us

Call our hotline for further information.

1595

Contact Us

Alternatively, please complete our contact form and we will be in touch as soon as possible.

Contact Us »
Compliments/Complaints »

Locate Us

Visit the branch that is nearest to you.

Find a Branch »

You might also be interested in

Online Banking

The service allows you to deal with your banking needs anywhere at your fingertips. It will free you from the hassle of visiting the branch.

More details »
SMS Banking

With SMS Banking you can perform your financial transaction any time and anywhere by using SMS text.

More details »
Bill Payment Service

Bill Payment is now easy, whether it is payment for insurance, credit cards, loans, and other more than 100 merchants.

More details »
Back to Top

Speaking Up

Standard Chartered Bank (the “Bank”) is committed to maintaining a culture of the highest ethics and integrity, and in compliance with all applicable law, regulation and internal policy. As part of this commitment, the Bank has a ‘Speaking Up’ programme through which genuine concerns in this regard can be raised. Members of the public can securely raise Speaking Up concerns through this hyperlink, which is hosted on behalf of the Bank by a third party ‘InTouch’. Examples of concerns that can be raised through this website are concerns that relate to accounting, internal accounting controls or auditing matters and concerns relating to bribery or banking and financial crime. Concerns received will be forwarded to the Bank’s investigations team for review. Complaints relating to SCB banking services should not be raised through this site in the first instance, but through the SCB branch network, contact centres, Relationship Managers or the ‘Contact Us’ webpage.

Disclaimer

Please note that this hyperlink will bring to you to another website on the Internet, which is operated by InTouch, an independent company appointed by the Bank to support its Speaking Up programme. Please be mindful that when you click on the link and open a new window in your browser, you will be subject to the additional terms of use of the website that you are going to visit.

Proceed