ONLINE SECURITY INFORMATION

I. ONLINE SECURITY
Make sure you have the latest security updates & patches
Install anti-virus software
Keep your software and browser up to date
Understand how criminals use the internet
Use personal firewalls
Avoid online fraud and scams
Read our password advice
Don't share private information online
Secure your wireless network
Protect your mobile phone and tablet devices
Take care offline

II. YOUR RESPONSIBILITIES

III. HOW HSBC PROTECTS YOU ONLINE

IV. SECURITY ALERT
Fraudulent websites
Fraudulent email
Phishing mules
Spyware
Trojan Horse
Keystroke capturing/logging

I. ONLINE SECURITY

At HSBC, we strive to deliver the most secure and convenient online banking services for our customers. As part of our effort to maintain the highest level of security on our site and for our internet banking users, we ask that you read and be aware of the below information. Please do not hesitate to contact us if you are unsure of the validity of any request purporting to be from the bank: Personal Internet Banking : (84 8) 37 247 247(the South) or (84 8) 62 707 707 (the North).

For your security, please disable all plug-ins in your browser, as they may attempt to manipulate your information.

Plug-ins provide additional functions to your web browser, such as allowing different file formats to be displayed, or supplying live news feeds. Users should be very prudent when installing plug-ins, as some are malicious and can attempt to harm your PC and capture your private information. For this reason, we suggest that you do not install plug-ins into your web browser and if you do, to disable them before using secured sites, such as our Internet Banking.

PROTECT YOURSELF ONLINE

In our view, there are a few key rules that offer the most protection online for the least amount of effort. By following these rules you will greatly increase your PC's protection, not just when you use our Internet Banking services but when you use the internet generally.
They are not all the measures you can take, but are an excellent start. They are equally applicable to business owners and to private individuals:

What you should always do:

 

* Make sure you have the latest security updates & patches

From time to time, vulnerabilities are discovered in programs running on your PC. The publisher will then release a “patch” to correct this weakness. These weaknesses are regularly exploited by virus writers and hackers to gain unauthorised access to those PC’s that have not been patched.
To check for patches and updates you should visit the publisher’s website, typically in their Download section.

Microsoft users can visit: http://windowsupdate.microsoft.com which can automatically check what is required for both operating system and browser and then download it at your request.
Apple Mac users can visit: https://www.apple.com/downloads and navigate to Software Update where a list of the most recent security updates is available for download. Alternatively by clicking from the Apple Menu on your Mac device and selecting Software Update you can also be sure you are running with the latest security updates available.

Top Top

 

* Install anti-virus software

Viruses are bad news. They steal personal information, take over your PC, pop up unwanted adverts and they can even use your computer to attack other people's computers. You may also hear them called malware, trojans, spyware or adware. Anti-virus software protects you against all of them.

You may already be using anti-virus software but to be effective, the software should be updated on a regular basis with the latest virus definition files. If you are unsure how to do this, you should refer to the program's Help function.
It is a good idea that you install anti-virus software if you don't have any already. The most common commercial products include McAfee(available to PC users only), Trend Micro, Sophos, Symantec and F-Secure. It is also possible to obtain free anti-virus protection from Microsoft Security Essentials, Grisoft AVG Anti-Virus, Avira, Avast and ClamWin.
It is also possible to obtain free anti-virus protection. A search for “free anti-virus” on Google will provide a list of the most popular ones. However, be sure to visit the genuine site because there are many fake products claiming to protect your computer but which may actually infect it with viruses.

Top Top

 

* Keep your software and browser up to date

It is harder for viruses to infect updated software.
The criminals who create viruses take advantage of software bugs to infect computers. Software companies fix bugs with free downloadable updates. Most modern software will check for updates automatically. It is a good idea that you install updates for your software as soon as they become available.

Be wary of fake e-mails about bogus updates. Use the update software that comes with your computer – don't click on links in e-mails. You can check if your Windows computer is up to date in the Security Center in Windows Vista and in the Action Center in Windows 7 and Windows 8.
To be sure you are running the latest software on your Apple mac, you can click from the Apple Menu and select Software Update.

As well as your computer software, other programs need updating. The program you use to look at websites is called a web browser. Modern web browsers warn you if you visit fake websites and it is harder for viruses to infect them. It is a good idea that you install an up-to-date web browser. There are several to choose from and they are all free.
If you have updated your computer regularly, it is likely that you are already running either Microsoft Internet Explorer 11 (on Windows PCs) or Safari 7 (on Macs).

Top Top

 

* Understand how criminals use the internet

Criminals are in it for the money.

There are many ways for them to make money online. They may:
 •  Steal your passwords and bank details with viruses, fake e-mails and fake websites
 •  Ask you to provide security details
 •  Send spam with bogus offers and products
 •  Take over your computer and use it to attack other people's computers
 •  Use viruses to display unwanted adverts on your PC

We take your internet banking security and privacy very seriously. Protecting yourself and your money takes a bit of know-how and the right software.

Top Top

 

* Use personal firewalls

A firewall is a program that helps protect your computer from internet-borne threats, such as potential hackers and offensive websites.
A personal firewall is another small program that helps protect your computer and its contents from outsiders on the Internet. When installed, it stops unauthorised traffic to and from your PC.
 
There are many effective programs to choose from. Common commercial examples include Zone Labs, McAfee and Computer Associates.  
The widely recognised market leading free firewall is “Zone Alarm” from Zone Labs and there are many others to choose from. Zone Alarm is now used on over 20,000,000 PCs and has been awarded the PC World 2003 "World Class Award" for Best Firewall.

Top Top

 

* Avoid online fraud and scams

If it's too good to be true, it probably is.
When it comes to protecting yourself and your money on the internet be wary of ridiculous deals.
Criminals may contact you by e-mail, through websites you use, via SMS or even by phone. It pays to be on your guard because they can be quite convincing.

Here are some warning signs:
 •  Big promises. “You have won the lottery”
 •  Big threats. “Your account has been hacked”
 •  A false sense of urgency. “Act now or it'll be too late”
 •  Unnecessary secrecy. “Don't tell anyone”
 •  “Business opportunities” that involve holding or receiving money from strangers

There is no reason for them to contact you. Did you even buy a lottery ticket? If an attachment looks suspicious, don't open it. Don't install software unless it comes from a website you trust. If it doesn't feel right, take your time.
If you suspect that there is a problem with your personal or business internet banking, you can always talk to us first.

Top Top

 

* Read our password advice

Passwords are the key to your online account information so it's important to keep them safe.
Passwords are the key to your online account information. Avoid using the same password for different systems that are important to you. Doing so puts your money at risk should anyone discover this single password. For this reason, you are strongly advised to have a unique password for any services as critical as your Internet banking.

When choosing a suitable password, you might consider the following:
Be different – Avoid using the same password for different services.
Don’t be personal – Do not be tempted to use passwords that can be easily guessed, e.g. children’s names, pets' names, birth dates, telephone numbers.
Never write them down – We strongly recommend that you never write down or otherwise record your passwords. If, however, you feel that you have no alternative but to do so, you should ensure that you never write down or otherwise record your passwords in a way that can be understood by somebody else.
Keep them to yourself – No one at HSBC will ever ask you for your internet banking password.

In any event, you should never disclose your Internet login details anywhere online except at your usual online banking website which should be accessed in the normal way and never via a link in an email.

Top Top

 

* Don't share private information online

Double-check privacy settings on social networking sites.
What's your mother's maiden name? What's the name of the first school you went to? What was your favourite subject at school? What's your address? Birthday? Phone number?
All this information is useful to people who want to steal your identity or break into your personal internet banking. You wouldn't give this information away to a stranger in the street but if you use social networking sites, such as Facebook, Twitter or MySpace, you could be over-sharing personal data.

You may want to think carefully about the information you put into your profiles on sites like this. It is also a good idea that you check the privacy settings on each site that you use, to make sure you only share personal information with people you trust.
Please also remember that you must take all reasonable precautions to keep your details safe and prevent any unauthorized use of any cards and security details. If any information forms part of your security details, you should make sure that you do not disclose it to anyone else – see the terms and conditions that apply to your account(s) for more detail.

Top Top

* Secure your wireless network

A wireless network allows you to connect your computer to the internet without having to use a cable. It typically contains a wireless router, which uses radio signals to transfer data to computers within the network. Some wireless routers come pre-set to very insecure settings to help users connect to them for the first time – but this also means that other people could access your internet account quite easily. For this reason, you should always consult your manual or online guide to find out how to connect more securely through your wireless network – usually by creating a password.

Top Top

* Protect your mobile phone and tablet devices

Your mobile phone and tablet device may hold lots of personal information – take care of it. You may even use it for internet banking, downloading mobile applications and online shopping.

You may want to think about:
 •  Setting and using a security PIN code
 •  Adjusting the phone settings so that it locks automatically if you don't use it for five or ten minutes
 •  Not storing passwords or other sensitive information on your phone in a way that can be understood by someone else
 •  Not storing your home phone number and address under "home" in the contact list (you wouldn't want a thief to be able to know your address and be able to check if you're home)
 •  Be wary of voicemail and text message scams

Criminals may also create fraudulent mobile applications that look like ours so when you try to log on, they can steal your password. Be sure that mobile applications are downloaded from trusted app stores. Only install applications on your device from trusted app stores eg App Store and Google Play.

Top Top

* Take care offline

Review your bank and credit card statements for any unusual transactions or withdrawals and notify the bank immediately if you suspect any discrepancies.
Tell us of any changes in your personal details (eg address change)

Keep your paper records safe. Store your bank documents in a safe place. Always shred them when they are no longer required.
If you plan to cancel a bank/credit card (or it expires), immediately destroy the card by cutting it in two through the account number and the magnetic strip.

Top Top

II. YOUR RESPONSIBILITIES:

 • 

Keep your account details secure, i.e. do not openly disclose them

 • 

Never write down your security credentials or reveal them to anyone

 • 

Access your account from private places ex: home, office

 • 

Change your Password on a regular basis

 • 

Log off properly using the "Logoff" button, when you have finished an Internet banking session

 • 

Always disconnect from the Internet when finished; never leave a connection on when not using the service

 • 

Install a personal firewall and virus detection software on personal computers, and update them regularly to ensure protection.
 

III. HOW HSBC PROTECTS YOU ONLINE:

We are constantly reviewing the ways we can help and support you. Our proactive approach includes meeting some of the world�s leading security experts to discuss key issues and sponsoring joint initiatives to improve your online security.
We protect you by:

1.

Ensuring your online transactions are safe and secure. We use industry-standard security technology and practices to safeguard your account from any unauthorised access.

2.

Creating secure online sessions. When you log in to internet banking you are said to be in a secure session. You know you are in a secure session if the URL address begins with https:// and a padlock symbol appears at the top of the page as part of the address bar.

3.

Using encryption. Encryption Secure Sockets Layer (SSL) encryption technology is used within your Internet Banking session to encrypt (code) your personal information before it leaves your computer in order to ensure no one else can read it. Depending on your browser setting, a pop-up window will appear to notify you that you will be entering a secured page. At HSBC, we use 128-bit SSL Encryption, which is accepted as the industry standard level. Any email service within Internet Banking is similarly protected with encryption technology (unlike your regular email which is usually not secured).

4.

Using session timeouts. If you forget to log-off after banking online, or your computer remains inactive for a period of time during a session, our system will automatically log you off. Pages viewed during a secure session are not recorded in your PC's temporary files.

5.

Using many layers of security. For obvious reasons we cannot disclose all of them, but the following are typically used: All our operating systems are updated with the latest security patches, Our anti-virus software is kept updated , We use firewalls to prevent unauthorized intrusion.

6.

Using Two Factor Authentication to provide an extra layer of protection. The Secure Key or Security Device is a two-factor authentication will help protect you from internet banking fraud. It is designed to make sure only you can access your personal information. Devices like these are commonly being used for secure transactions all round the world. With this technology you can enjoy far more secure online banking services and it's one of the smallest and simplest to use. Two-factor authentication means you not only need a password or PIN, but you also need a device unique to you.

7.

Using logons and passwords to make sure we're dealing with you. Online access to your account is only possible once you have authenticated yourself using the correct Internet Banking ID and security details. For this reason, it is vital that you do not share your password and do not use the same password for other services (e.g., Yahoo, Hotmail, etc.)

8.

Having automatic lockouts. After 3 incorrect attempts to logon, we disable online access to your account. To re-activate your account, you should contact our Contact centers described above.

IV. SECURITY ALERT

We would like to bring your attention to sites and emails purporting to be from HSBC, whether in Vietnam or elsewhere. These sites and emails aim to solicit sensitive personal information such as: Username, password, PIN, account numbers, credit card numbers, etc. Once obtained, the fraudulent party can gain access to the user’s account, channel money to a third party, or impersonate the user, to name a few.

Fraudulent websites

This is a sample of what a fraudulent website may look like - notice how the site address does not match the displayed page:

Description
Authentic-looking websites created by Internet fraudsters that look like respectable websites, such as ours. People are often attracted to these sites through phishing emails (explained below), which urgently ask for personal and confidential information.

Tips:

 • 

Always type www.hsbc.com.vn directly into the browser’s address bar.

 • 

Make sure you're connected to the official HSBC site before keying in any confidential data.

 • 

Do not access your internet banking account directly through hyperlinks embedded in e-mails.

 • 

Check for the locked padlock symbol in your browser window.

 • 

Ensure the secure browser session is established with HSBC by verifying the information, such as the issuer and the date on the server certificate.

 • 

Change your Password REGULARLY.

 • 

Advise us immediately if you receive either a suspicious email or phone call asking you to enter your logon details. DO NOT act on it even if it appears to be from HSBC. HSBC will never ask you to reveal your password, PIN or Security Code over the phone or via email.

Top Top

Fraudulent email

Phishing

Phishing involves an email message being sent out to as many internet email addresses as possible, claiming to come from a legitimate organization such as a bank, online payment service, online retailer, etc. The objective is to induce unsuspecting recipients, who happen to be customers of the legitimate organization being imitated, to respond to the email and to provide the information being requested. This information may include: date of birth, logon information, account details, credit card numbers, PIN numbers, etc.
Many of the email messages include a threat that failure to update or validate will result in, ex:, the account being frozen, or closed.

The email will contain a link that takes you to a spoof web site that looks identical, or at least very similar, to the organization’s genuine site (as shown above).  In some cases, when the link in the email is clicked, the genuine site is accessed, but is overlaid with a smaller window with the spoof site, making it more believable. Clicking on a link may also download malicious software, known as spyware onto your PC which will record your use of the internet and forward this information, and possibly a log of your keystrokes, to the fraudster. The fraudsters will use this financial information to compromise bank accounts, credit cards, etc.

Advance fee or “419 fraud”

This involves unsolicited letters and e-mail messages offering the recipient a generous reward for helping to move large sums of money, usually in US dollars. These funds are said to be anything from corporate profits, accumulated bribes or unspent government funds to unclaimed money belonging to a deceased person. The fraudsters are trying to obtain your banking details. The transactions typically require the recipient of the letter or e-mail message to pay something like a fee/tax/bribe to complete the deal – this is the advance fee. However, any fees paid will be lost.

Lottery fraud

This involves letters or e-mail messages which advise the recipient that they have won a prize in a lottery. To obtain the funds, they are asked to respond to the letter or e-mail message. A request will then be made for the recipient to provide his bank account details to allow for funds to be transferred. The recipient may also be asked to pay a handling/processing fee. If paid, this fee will be lost. Also, any details given will probably be used to commit further fraud.

NOTICE: Phishing emails with virus attachment from a fake HSBC UK email

HSBC Bank (Vietnam) Ltd. ("HSBC") has recently been made aware of a number of phishing emails impersonating HSBC Bank requesting customers to down-load the virus attachment from which virus will be spread to your PCs / smart phones. In order to proactively prevent phishing and protect your interests, you are highly recommended to:

 • 

Be vigilant with e-mails requesting you to click on a link to view the account balance, payment details from which virus is spread to your PC / smart phone. You are also recommended to delete unnecessary emails and all copies from your system.

 • 

Be vigilant with e-mails requesting your personal information. Do not provide or share any personal information such as Personal Identification Number (PIN), Internet Banking Password, Phone Banking PIN, Credit Card numbers, Account Information upon any third parties' request.

 • 

Never follow a link within an e-mail to start an HSBC Internet Banking session. Instead, key in directly to the browser address bar our URL ( www.hsbc.com.vn ) to access our secured Internet Banking site.

If there is any potential phishing identified, you should immediately report it to the authorities or HSBC Customer Service Hotline at (84 8) 37 247 247 (the South) or (84 8) 62 707 707 (the North) for prompt assistance. You are also encouraged to notify your family and friends of this fraudulent alert to deter these behaviours.

Tips:

 • 

Never respond to email messages that request personal or financial information and never click on a link in such an email.

 • 

HSBC will never ask for your logon details and personal information for internet banking, phonebanking or ATM services. These include your Username, Password, PIN, security code, account number, identification/ passport number, address, phone number, etc.

 • 

Do not speak out the Password, PIN or security code during the call, as no call centre representative will ever ask for this over the phone. If you have forgotten your Password or PIN, a few questions relating to your personal information, NOT your Passwords or PIN, will be asked for authentication.

 • 

Log on directly from your browser. This will avoid you from being sent to a false site. Remember: No email from HSBC will contain a hyperlink to our logon page.

 • 

Contact us if have any concerns or misgivings about something purporting to be from our Bank.

Top Top

Phishing mules

Once the fraudsters have collected financial information of individuals via phishing, they are then in a position to abuse this information and steal money from the compromised accounts.  In order to cover their tracks, however, they recruit unsuspecting individuals to act as go betweens by placing a variety of tempting job adverts on the Internet promising the chance to earn money quickly without expending much effort. These recruits are known as mules.

The bank accounts of the mules will be used to accept transfers of money from the compromised accounts. The mules will be asked to withdraw the money from their accounts in the form of cash and forward it, minus their commission, to the fraudsters using an international money transfer agency. The fraudsters can therefore maintain their anonymity, but there is a trail to the phishing mules, which can be followed by the authorities.

Tips:

 • 

Be very careful about job offers which involve the acceptance and release of funds to a bank account in return for commission. Mules recruited by phishing fraudsters are money laundering and are likely to face criminal prosecution.

Top Top

Spyware

It is a computer software program that gathers information about a computer user, in most cases without the user's knowledge or informed consent. It then transmits the collected information to a third party who can potentially manipulate the information.
Such software program may claim to be able to speed up your internet connections but in fact redirects your internet session through their own servers.

This means that Spyware has the ability to gain access to your passwords, PINs, credit card numbers and other personal transactional details. Spyware is not the same as a virus in that it only records what you do rather than altering how your machine works. Because of this anti-virus software is not effective in identifying and removing spyware. In order to find out if spyware is present on your PC, it is necessary to download and run specific anti spyware programs.

Examples of anti-spyware security software products available at present are eTrustTM PestPatrol@, Anti-Spyware, McAfee, Spybot Search and Destroy, AdAware, Spyware Eliminator, Spyware Doctor and Microsoft antispyware. We strongly recommend that you install and use a reputable product to protect against the possible security threats of spyware on your PC.

Tips:

 • 

Do not download any freeware onto the computer that you access internet banking with.

 • 

Your anti-virus software should be updated on a regular basis with the latest virus definition files.

 • 

Change your Password REGULARLY.

 • 

Run an anti-virus software program and/or anti-spyware software before you download other programs or open e-mails.

 • 

If you think that you have installed such software in your PC, you may wish to seek professional IT advise on steps to be taken to uninstall the software from your PC.

Top Top

Trojan Horse

A type of computer virus that is a computer program masquerading as another program.
It appears innocent, but your files could be damaged or erased if you open the program.

Tips:

 • 

Install anti-virus software, a personal firewall and security patches.

 • 

Always run an anti-virus software program before you download other programs or open emails.

 • 

Update your anti-virus software

 • 

Change your Password REGULARLY

Top Top

Keystroke capturing/logging

Anything you type on a computer can be captured and stored. This can be done using a hardware device attached to your computer or by software running almost invisibly on the machine. Keystroke logging is often used by fraudsters to capture personal details including passwords. Some recent viruses are even capable of installing such software without the user's knowledge.

Top Top

  © Copyright. HSBC Bank (Vietnam) Ltd. 2015. All rights reserved.