Bogus calls, SMS and phishing emails

Bogus calls, SMS and phishing emails

Warning against telephone deception –$10,000 Government’s Cash Payout Scheme

The police warn of a new use with fraudsters pretending to be bank staff or government employees asking for personal details including name, HKID and account credentials and pose as staff offering registration help for the Hong Kong government’s HKD10,000 Cash Payout scheme. Learn more about Telephone Deception – $10,000 Cash Payout Scheme at Anti-Deception Coordination Centre (ADCC).

Bogus calls, text messages and phishing e-mails

A sharp increase in bogus call cases occurred in Hong Kong in the first quarter of 2020. The criminals behind this fraudulent activity may misrepresent themselves to you by, for example:

  • pretending to be a courier company employee, government official, or your relative, friend or business partner; or
  • changing or falsifying their ‘Caller ID’ to display the name or number of Hang Seng Bank or other reputable financial institutions

 

The fraudster may then ask you to provide personal information, or to transfer a sum of money to a designated bank account for various reasons.

 

A fraudster may claim to be an employee of Hang Seng or other financial institution, and may invite you to apply for a personal loan or credit card, or claim there is a problem with your bank account or credit card. If you are unsure or suspicious of any call, voicemail and/or text message you receive, it is vital that you treat it with extreme caution and verify its authenticity before sharing any information or acting on any request.

  • Hang Seng Bank has not authorised or appointed any intermediary companies to make calls or send messages to promote its personal loans, tax loans or credit cards
  • You should not rely on a caller and/or display ID as proof of who is calling . Caller and display IDs can be manipulated or changed
  • If you are uncertain about the authenticity of any call or message, you should ask the caller or sender to provide their name, department and office contact number, or ask them how they obtained your phone number and account information. If they fail to disclose such information, you should immediately end the communication. You can call the Hang Seng Hotline to check the identity of any caller who claims to be a member of Hang Seng staff
  • Never disclose sensitive personal information (such as login passwords and one-time passwords) to a caller or in response to a message. Hang Seng will never ask you for any sensitive personal information by phone or e-mail

 

If you receive a phone call or SMS from a suspected counterfeit Hang Seng Bank, please write down the identity of the caller and the phone number, and call the Hang Seng Hotline (852) 2822 0228. After selecting your preferred language, press ‘9’ for assistance. Customers should check the hotline number with Hang Seng Bank first, instead of contacting the bank only according to the instructions provided by the SMS. Verify incoming calls and beware of being cheated.

 

Signs of a bogus call or message may include (but are not limited to):

  • The ‘Caller ID’ includes a ‘+’ sign, which indicates the call is coming from outside Hong Kong. Learn more at the Office of the Communications Authority
  • You receive a pre-recorded message notifying you that there is a problem with your bank account or credit card
  • The sound quality of the call is poor
  • The caller refuses to provide the name of their department and/or a telephone number for you to call them back
  • The caller claims that your bank account or credit card shows signs of abnormal activity
  • The caller is focused on trying to sell you low-interest credit products or services, such as personal loans or refinancing loans
  • The caller is eager to complete the transaction and appears unwilling or unable to provide you with sufficient details about the product or service or its related terms and conditions
  • If the caller ask for any sensitive personal data, such as a password, or promotes credit products or services during the call
  • The caller claims to be working for Hang Seng Bank. Please note that Hang Seng has not authorised or appointed any intermediary companies to call customers to promote personal loans, tax loans or credit cards

Hang Seng will only send you SMS notifications for certain credit card and bank transactions, and we will only use the mobile phone number you have provided to us, if any

Phishing e-mails and SMS

Phishing is a common method of criminal fraud. Fraudsters use electronic communications (such as e-mails and SMS) to pose as legitimate institutions such as banks, online payment service providers or online retailers. A fraudster may ask for your credit card and/or bank information, or tell you to click on a link or attachment or use a QR code that will take you to an illegitimate website or install malware on your computer or mobile device for the purposes of fraudulent or other criminal activity.

 

Phishing e-mails and SMS are often very difficult to distinguish from genuine e-mails and SMS from legitimate organisations. Similarly, any website you visit as a result of clicking on a phishing link or file may appear to be the legitimate website of the relevant organisation.

 

Before acting on any e-mail or SMS request that appears to be from Hang Seng or any other legitimate organisation, please note the following information and advice: 

 

  • Hang Seng will never proactively ask you for sensitive personal information (such as passwords) or ask you to click on a hyperlink in an e-mail or SMS to log in to Hang Seng Personal e-Banking or update your information
  • If you need more information about any bank offer, browse the bank's website or log on to personal e-Banking. You should visit the Bank’s website only by entering its website address in your browser, using your browser’s bookmarks or clicking directly on the Bank’s Mobile Banking app on your mobile device
  • All Hang Seng websites are encrypted. The website address will start with ‘https’. Learn more about e-Banking Security
  • Do not click on or use hyperlinks, attachments or QR codes in e-mails you receive unless you are certain that they have been sent from a legitimate organisation
  • If you have any doubt about the legitimacy of an e-mail or SMS, you should contact the relevant bank or institution by calling for its customer service hotline to confirm that the e-mail or SMS is genuine before taking any requested action
  • Hang Seng Hotline: (852) 2822 0228

 

BEFORE you act on an e-mail or SMS, ask yourself:

  • Does the e-mail request personal information, such as credit card numbers or account passwords
  • Was the message unexpected
  • Does the e-mail include attachments or hyperlinks
  • Does the e-mail ask you to take unusual actions, such as transferring money to an unknown source, or e-mailing your account information to others
  • Does the sender's e-mail address or phone number match the name and details of the company that the e-mail claims to be from (Refer to illustration below)
Example of phishing email
  • Is the e-mail address or phone number where you received the message different from the address and/or number you gave the company
  • Was the e-mail sent or copied to other people
  • If you hover your cursor over a hyperlink in the e-mail (please do not click the link) does it display a URL other than the official URL of the legitimate company that claims to have sent the message
  • Does the e-mail or SMS include grammatical or spelling errors

If the answer to any of these question is yes, the e-mail or SMS may be fraudulent and we recommend you call the bank or other relevant organisation to verify it.

 

In some recent fraudulent e-mails the sender claims to be a Hang Seng Bank director/senior executive/member of staff. The sender states that a large sum of money is being held in the Hang Seng account of an individual who has passed away. The recipient of the e-mail is invited to impersonate the account holder or a close relative in order to receive the money. The sender asks the recipient to provide their personal details to initiate the transfer process.

These e-mails are NOT being sent by Hang Seng and we have referred this activity to the police for investigation. If you receive any such e-mail, please contact the police.