Dear Valued Customer,

Recently, fraudsters have tried to trick customers into revealing personal information by sending them forged bank letters or websites. Industrial and Commercial Bank of China (Asia) Limited (“the Bank") would like to remind customers and the general public to be vigilant against phishing messages and do not disclose your personal information or bank account and password to third party. To protect your personal interests, please read the following information:

Phishing is a type of online scam in which fraudsters send you a phishing email or text message impersonating legitimate organisations such as the government, banks, online payment service providers, online retailers or business partners, with links or QR codes directing to phishing websites which look like the genuine websites of relevant organisations. The fraudsters would trick the recipients to input sensitive personal information including account number and password, personal details, credit card number and etc. The phishing messages may also include a malicious hyperlink, attachment, QR code or files which results in hacking activities and malware attack to steal your personal information if the recipients click on the link or open the attachment indiscriminately.

How to identify phishing emails or SMS messages:

• Fictitious messages are usually in the name of promoting rewards, or indicating fabricated transaction instructions and etc.;
• Include a hyperlink requesting you to log on or input sensitive personal information;
• Pay attention to the email subject. Check if there is anything unusual regarding the domain of the email address and the content such as inconsistent email content, grammar error or spelling mistake;
• The website has a different look from the genuine website and some of the links of the fraudulent website may be broken.

In order to protect your own interests, the Bank reminds customer and the general public:

1.Do not click or open any hyperlink, attachment or QR code in the suspicious email or SMS message;
2.Be vigilant about the content of the email or SMS message, especially the hyperlinks and contact details provided for verification purpose;
3.Do not enter your personal information in websites or software applications from unknown sources;
4.The Bank will never proactively ask you to provide any personal information by email or SMS message, nor will the Bank ask you to click on a hyperlink, QR code, attachment in the email or SMS message to disclose your sensitive information including bank account details, login password or one-time password;
5.Regularly change online banking password and enhance the security of e-banking, e.g. enabling the two-factor authentication or biometric authentication function.

If you doubt of the authenticity of emails, SMS messages or websites claiming to be from the Bank, please refer to the information on the Bank’s official website and search the suspicious hyperlinks on “Scameter” search engine launched by the Hong Kong Police Force to identify phishing message. If you confirm that you have received phishing messages and have already disclosed personal information and sensitive account information, or if you suspect your account has been misused, please change your bank account password immediately or suspend the online banking service. Please check your transaction record promptly and if you identify any unauthorised transactions, please call the Bank’s hotline at 218 95588 or visit our branch nearby for reporting, and immediately contact Hong Kong Police Force

For more information, please refer to the official website of Anti-Deception Coordination Centre,the official website or Youtube channel of CyberDefender.