If you suspect that there has been any unauthorised access of your account(s) online, or that any online transactions has taken place which is not initiated by you, please call our Customer Service at 03-76268899.
Protect your account information against financial malware and phishing attacks at no cost.
Make It Complicated
Create a password using a combination of alphabets and numbers, which makes it harder to guess. Never write your password down and that it’s changed regularly.
Sharing Is Not Always Caring
Never share information such as your username, password, MyKad number etc. via emails or pop-up windows and phone calls.
Don’t Click
Be careful of links in emails, SMSs, or pop-ups. Always type the web address yourself.
Protect Your Information
Shred or securely store your printed documents.
Check Your Transactions
Monitor your transaction records as often as you can. This way you will notice if there is anything suspicious.
Keep It Private
Never use a public computer or an unsecured wireless network (WiFi) when performing online transactions.
Disable the Auto-complete & Auto-save Function
Key in your login details for every login.
Clear Your Cache
After every online session, clear your internet cache. Usually this button is under the Internet Options section of your internet browser.
Look Out For the Padlock on Your Browser
When visiting websites that require you to share your security information, make sure the padlock is there. This indicates a secure connection.
If You Doubt It, Junk It
No matter how legitimate it may seem, never respond to unsolicited emails.
Vigilance is Key
For your online safety, visit www.mycert.org.my to find out the latest internet threats.
Do not enter your password if this Security Phrase is different from the one you registered
Use 8 – 12 characters of alphabets and numbers for your password. Special characters are optional.
HLB ConnectFirst will automatically log you off if no activity is performed after a while.
HLB ConnectFirst will be deactivated (dormant) if you do not login for 365 days.
Upon 3 unsuccessful attempts to log in, the User ID will be automatically blocked.
Up to 256-bit encryption with 128-bit minimum enabled by EV SSL certificate to secure online transactions.
Security Token (2-Factor Authentication)
2 factor authentication which is based on knowledge factor and possession factor.
Customisable authorisation matrix to allow single or multiple payment authorisation.
Electronic token (eToken) is incorporated as part of HLB ConnectFirst Mobile. It is an authentication factor registered in the mobile device for login authentication, account inquiry and payment authorisation.
Safeguard your login credentials to prevent unauthorised and fraudulent use of HLB ConnectFirst
Sign out of HLB ConnectFirst when the device is unattended.
Inform the bank should there be any changes to the Security Token user.
The Security Token and Security Codes are issued solely for your use with HLB ConnectFirst.
Phishing
What is Phishing?
Phishing is an automated form of social engineering used by fraudsters to deceive one to give away sensitive information. The initial phishing email is designed to entice the recipient to open the email and click on the link provided. The fraudsters use multiple methods to do this including enticing subject lines, forging the address of the sender, using genuine looking images and text and disguising the links within the email.
Protecting You from Phishing Scam
Online fraud such as phishing scams has been rampant around the world causing undue financial losses and distress that can be avoided with proper education and care. At Hong Leong Bank, we are making it a priority to protect you, our valued customers from such threats. With your online security in mind, we hope to equip you below with practical tips on how you can prevent yourself from being a victim.
Malware alert
What is Malware?
Malware is short for Malicious Software.
The commonly known malwares are viruses, worms and trojan horses. Malware is any kind of hazardous software that is installed in your electronic device without your knowledge or consent.
How does the “Zeus” malware work on infected computer or mobile/tablet devices?
Once the device is infected with malware, the fraudster is able to inject modified fake contents or pages while you are accessing a legitimate online banking website via your Internet browser.
IMPORTANT NOTE:
The bank will never communicate to you with urgent appeals that your account may be suspended or closed if you fail to confirm, verify or authenticate your company’s banking information on the website.
Does the “Zeus” malware affect all smartphone operating systems?
Based on initial analysis by Malaysia Computer Emergency Response Team (MyCERT), the affected systems are:
Smartphone running on Android platform.
Vulnerable and unpatched Windows Operating System.
How does malware infect your computer, smartphone or tablet device?
From email with Website URL hyperlinks or attachments
Opening an email attachment or clicking on a hyperlink may contain and allow the malware to be installed into your PC, smartphone or tablet devices.
When receiving an email with a hyperlinks or an attachment, if the email was not expected or from someone you don’t know, delete it. If the email is from an organisation or someone you know and you’re not expecting it or requested it, be cautious too; do not click on the given hyperlink or open the attachment as instructed , contact the sender to verify beforehand.
Not running the latest operating system, web browser or application updates
Running a web browser, applications or operating system that is not up-to-date with the latest updates can be a big security risk and can be a way your computer becomes infected.
Some of the updates from your computer, smartphone/mobile, tablet device manufacturer, web-browser or application provider (e.g. Microsoft, Apple, Blackberry, Samsung, LG, Adobe, Google, Mozilla etc), are security updates. Make sure you perform and have the latest updates to minimise the risk of malware infections.
From mobile SMS or MMS with website URL or attachments
Same as above emails with hyperlinks or attachments.
No antivirus scanner
It’s highly recommended that you have some form of antivirus on your computer, smartphone/mobile or tablet devices to help clean it from any infections currently on the computer and to help prevent any future infections.
Downloading applications (apps) from a website
Only download programs only from reputable websites and with a valid digital signature. If you are unsure, leave the site and research the website and the software you are being asked to install. If it is OK, you can always come back to the site and install it.
Files that don’t have a digital signature or were downloaded from an unknown source should always be treated as dangerous.
From instant mobile or web messaging with website URL or attachments
Same as above emails with hyperlinks or attachments. Examples of instant messaging are WhatsApp, Twitter and Line.
Accepting without reading
A user accepts what is prompted on the screen without reading the prompt or understanding what it’s asking. For example: while browsing a web page, an Internet advertisement or window appears that says your computer is infected with a virus or malware; you have won a prize; asking to complete a survey or that a unique plug-in is required. Without fully understanding what it is you’re getting, you accept the prompt that will install a malware.
How to protect yourself from malware?
Never click on an unknown website link or open an attachment sent via email, SMS, Twitter, WhatsApp or other popular text/instant communication applications, especially when the content is related to financial matters.
Be a smart surfer when browsing websites that are new to you, be careful of any pop-up window that requests for your personal information or prompts you to use a certain program.
Be very selective of the files or programs that you would like to download, always double-check the genuineness of the website and the source, even if it comes from your friends.
Keep your operating system, internet browser, applications and firewall up to date.
Install robust anti-virus, anti-spyware and firewall software on your computer and other devices and configure it to update automatically in regular intervals.
Run a full system scan periodically to remove any new found virus or malware, and you must reset your password and clear all browser caches, history, cookies, before you login to your online banking again.
Take note of any unusual signs on the daily handling of your mobile devices
High frequency of apps crash unexpectedly
Device battery drains out quickly
Pop-up notification or advertisement to install other apps
Overall device performance becomes sluggish without apparent reason
Outgoing and incoming SMS/calls being disrupted
Important reminder when you’re assessing HLB ConnectFirst
Do not respond to any form of pop-up screen or window or additional web pages asking for your personal info and smartphone platform (Android, Windows, etc).
Do not simply download and install/update any app on your computer or mobile/tablet devices without verification.
Do not root or otherwise ‘Jailbreak’ your computer or mobile/tablet devices and avoid side loading (installing from non-official sources).
Notify the Bank immediately when you came across anything suspicious or unusual web pages asking for personal information when you are about to login to your HLB ConnectFirst.
You are advised not to proceed with your online banking transactions until your computer or device has been checked and disinfected
Other common internet scams
Password Cracking
Password cracking is a common way to retrieve a password by repeatedly trying to guess the password. The most common method of password cracking is guessing and dictionary attack.
Keystroke Logging
Keystroke logging or more commonly known as keylogging is a way of obtaining passwords or info by capturing what user’s type. It is a diagnostic tool that comes in the form of software or hardware (i.e. inserted in the keyboard).
Login Spoofing
Login spoofing is a way of obtaining a user’s username and password. The user is presented with the bank’s Login page to prompt for the username and password. When the username and password are entered, the information is then passed to the attacker.
Mule Scam
As a result of responding to spam email or job recruitment that offers opportunities to make easy money, a person could fall for a mule scam. This person is known as “money transfer agent” or “money mule” whereby a mule’s bank account is used to receive stolen money from phishing victims and such accounts also act as a transit prior to the funds being sent abroad and later to be withdrawn by the fraudsters.
Spyware
Spyware is computer software that is often
installed into the PC without the user's knowledge and usually takes place during the user's download of free software, games or subscribing to free online services from the internet. Once installed, it not only monitors a user’s surfing activity but is also capable of retrieving any personal and sensitive information that is being transmitted on the Internet before it is sent in the background to interested parties.
Trojan Horse
Trojan horse is a type of malware (malicious software) which allows unauthorised access by an attacker to a user's computer and more often for the purpose of data theft (e.g. personal information, bank account numbers and password). It can be spread through opening email attachments from unknown people or visiting unknown websites.
Shoulder Surfing
Shoulder surfing, as it suggests, is a way of obtaining a user’s username and password by peeping.
How to identify a scam?
You receive an email, SMS or phone call claiming to be from Hong Leong Bank, asking you to provide personal financial/security information or OTP.
You receive emails or SMS containing a URL internet link which will lead you to a fraudulent unsecured login site.
You receive emails requesting you to open attachments or free software that may contain malicious software like viruses, spyware and trojans that are designed to steal your personal data.
Pop-up advertisements asking for personal or financial information are likely fraudulent, so it’s better to just close them.