Security Tips
The Bank of East Asia, Limited (“BEA” or “the Bank”) has adopted the latest security technology to prevent unauthorised access to customers' bank accounts and provide a well-protected online services. You are encouraged to read the following advice to ensure the safety of your transactions and information.
- Major Security Tips
- Use of e-Channels (including BEA Online/Corporate Cyberbanking/BEA Corporate Online and BEA’s official mobile applications)
- Use of ATM Services
- Use of i-Teller Services
- Use of Phone Banking
- Use of Instant Messaging
- Usage of OTP and i-Token
- Fraud Prevention Information
- Our Advice on preventing Investment Fraud
- More Security Information
- Major Security Tips
- BEA staff will never use any outbound channel (be that telephone, email, SMS or any other instant messages) to request that you reveal sensitive information such as full HKID numbers, account/ credit card numbers, or any kind of Personal Identification Numbers (“PINs”), including one-time passwords (“OTPs”). Do not, under any circumstances, disclose such information to anyone, even BEA staff or police officers.
- Never disclose your BEA Online/ Corporate Cyberbanking/ BEA Corporate Online login number/ username or password to anyone.
- Do not enter your e-banking login details on any user interface accessed through email attachments or hyperlinks embedded in any email, SMS or instant message, social media platform, online trading platform, QR code or search engine. If you receive any suspicious message requesting you to input any sensitive information, please verify the legitimacy of the related message with relevant organisations through their official channels.
- Do not readily accept requests from strangers asking to access your device or share your screen in the name of providing assistance.
- If you encounter any suspicious call, message, online buyer and seller, friend request, job ad, investment website, etc., you are recommended to check the account name, payment account, phone number, email address, URL, etc. through the Scameter by clicking on https://cyberdefender.hk/en-us/ to assess the risk of fraud and cyber security before making any transaction.
- Take precautions against phishing scams (such as scams purportedly from government body or financial institution) hackers, viruses, spyware, and other malicious software.
- Please set up passwords that are difficult to guess by using a minimum of eight characters with no space and containing uppercase letters, lowercase letters, special characters and numbers. Avoid using easily accessible personal information such as telephone number or date of birth as your passwords. Use different passwords for different internet services, and change your passwords regularly.
- Do not write down your passwords on any device for accessing our BEA Online/ Corporate Cyberbanking/ BEA Corporate Online or on anything usually kept with or near it.
- Keep the operating system and apps installed on your device up to date with the latest security patches. Do not jailbreak or root your mobile devices. Install anti-virus and anti-spyware software, keep them updated, and scan your device regularly.
- Never use the same password for different online or social media accounts. If you suspect that someone has learnt your password, it is suggested that you change it immediately and contact with the Bank for assistance, if necessary.
- Beware of scams! Do not provide bank, credit card, investment, insurance and MPF account or other key personal information via hyperlinks embedded in suspicious messages purported to be coming from our institution!
- Use of e-Channels (including BEA Online/Corporate Cyberbanking/BEA Corporate Online and BEA’s official mobile applications)
- Only use our online service by typing www.hkbea.com into your web browser, through a bookmarked link, or through BEA’s official mobile applications.
- Be alert to your surroundings before logging in. Make sure no one sees what you enter and log off properly after use.
- To ensure secure transactions, please download BEA’s official mobile applications from an official app store (e.g. Google Play, App Store or Huawei App Gallery (global version)) or at our official website and do not use the app on any “jailbroken” or “rooted” devices.
- Change your PIN immediately when using your online service for the first time and destroy any documents containing your PIN.
- Always check your SMS/ email transaction notifications including notifications of i-Token’s activation/ deactivation from the Bank in a timely manner, and regularly check your transaction history, statements and/ or online activities history (BEA Online/ BEA Mobile)/ Audit Log (Corporate Cyberbanking/ BEA Corporate Online) including login, activation/ deactivation of i-Token, personal information update, increase of transaction limit, addition of new payee, PIN reset, unblocking of credit card or debit card, addition of credit card to mobile wallet and/ or eDDA maintenance instruction in e-Channels (including BEA Online/ Corporate Cyberbanking/ BEA Corporate Online and/ or BEA’s official mobile applications). Inform the Bank immediately in case of any suspicious situations.
- To keep your account secure, you can review your transaction limits regularly and to make necessary adjustments via e-Channels (including BEA Online/ Corporate Cyberbanking/ BEA Corporate Online and BEA’s official mobile applications).
- If, for any reason, your mobile phone number and/ or email address recorded at the Bank has been changed or become invalid, visit any of our branches or login to BEA Online/ BEA Mobile/ Corporate Cyberbanking/ BEA Corporate Online to update your personal information, if applicable.
- Verify the transaction details including the payee name and amount when making “FPS” small-value transfers or transfers to registered/ non-registered accounts using a mobile phone number, email address, FPS ID, QR code, or account number. If you have any enquiries, confirm with the payee before making the transaction.
- To prevent unauthorised access by others, you are suggested to set up auto-lock, passcode lock and enable remote wiping. If your device being loss/ theft, it is recommended to change your BEA Online/ Corporate Cyberbanking/ BEA Corporate Online PIN by logging into the BEA Online/ BEA Mobile/ Corporate Cyberbanking/ BEA Corporate Online and deactivate your i-Token, if applicable.
- Notify the Bank immediately of any actual or suspected unauthorised access of your account.
- Protect the computer and mobile phone used for logging in to the e-Channels. If your device supports biometric authentication (such as fingerprint or facial recognition), do not disable any features that enhance the security of biometric authentication and do not allow others to register their biometric information on your device.
- You should not use facial recognition for authentication if you have identical siblings or siblings that look like you, or if you are an adolescent with rapidly developing facial features.
- Do not use public computers or public/ unknown Wi-Fi networks to access online banking services. When logging in to online banking services through Wi-Fi, make sure to use an encrypted network and remove any unnecessary Wi-Fi connection settings. Disable wireless network functions such as Wi-Fi, Bluetooth and NFC, etc. when not in use.
- Avoid using online services through free or untrusted Virtual Private Networks (VPNs). If you need to use remote access technology to access online services, please use trusted software without publicly known vulnerabilities.
- Please download and install mobile applications by trusted and verified developers from official application stores. Evaluate permissions requested from mobile applications carefully before installation, if suspicious permission rights are required, do not install the mobile application.
- When you open Android version of BEA’s official mobile applications, if we detect that your mobile device has potential security risks, a security warning will be displayed on the screen, and prevents further login. Please carefully review the security warning content, and you are suggested to delete apps listed as potentially risky or turn off the accessibility setting for those apps.
- Regularly check and update your system’s web browsers and any of BEA’s official mobile applications on your devices.
- Be alert if using public USB charging stations for your mobile phone or device to avoid malware infection.
- Do not submit documents (such as scanned identity documents, bank statements, or letters) to any untrusted website or app.
- Use of ATM Services
- Remember your PIN and do not keep it with your ATM card.
- Change your PIN immediately when using your ATM card for the first time and destroy any documents containing your PIN.
- Be alert to your surroundings before conducting any transactions. Make sure no one sees your PIN, and cover the keypad when you enter your PIN.
- Check that the protective keypad cover is intact before using any ATM in Hong Kong. Contact the Bank immediately if in doubt.
- Should you notice any suspicious devices in an ATM (such as a micro-skimmer, pin-hole camera, fake key pad, etc.) or any suspicious activities around you when performing an ATM transaction, cancel your transaction and inform the Bank immediately.
- Retrieve your banknotes (if withdrawing cash), transaction receipt (if applicable), and ATM card as instructed after your ATM transaction is completed. Never try pushing your ATM card back into the ATM.
- Count your banknotes immediately after withdrawing cash. Keep all transaction receipts and check them against your account records.
- Do not take away any banknotes left behind by someone else at the cash dispenser or ATM card left in the card insertion slot. Let the ATM retract the banknotes and/ or ATM card automatically.
- Set the effective date and expiry date of overseas ATM cash withdrawal function before travelling. Disable the function when you have returned from travelling.
- If your ATM Card/ PIN is lost or stolen, please inform the Bank to report lost the ATM card immediately by visiting any of our branches, logging in to BEA Online/ BEA Mobile, or calling our hotline:
(852) 2211 1818 (during office hours)
(852) 2211 1862 (during non-office hours)
- Use of i-Teller Services
- Be aware of your surroundings and do not ask for/ accept assistance from strangers when performing transactions.
- After you have used the ATM card, please keep and safeguard it properly.
- Should you notice any suspicious device in the i-Teller (such as a micro-skimmer, pin-hole camera, fake key pad, etc.) or any suspicious activities around you when performing a transaction, cancel your transaction and inform the Bank immediately.
- Use of Phone Banking
- In order to prevent fraud, please keep your Phone Banking PIN secret.
- Never disclose your Phone Banking PIN to anyone (including BEA staff or police officers).
- Do not allow anyone to use your Phone Banking PIN to perform enquiries/ transactions.
- Update your Phone Banking PIN regularly to ensure safety.
- Use of Instant Messaging
During Onboard
- To verify invitation on “BEA RM Chat” in WhatsApp, you may look for WhatsApp invitation message from us from one of 8 registered numbers. A green tick is located next to the service name, indicating that it's a verified business account under WhatsApp. The WhatsApp Official Account is named as “BEA RM Chat”; The WeChat Official Account is named as “東亞銀行香港即時通訊助手”. Should you suspect any unauthentic chat message or unsure whether the invitation is from BEA, please contact your Relationship Manager.
- You'll need to accept the BEA RM Chat service terms and conditions when you use this service for the first time.
- For WeChat onboarding, we’ll send you a 6-digit One-Time PIN (OTP) via SMS. Enter the OTP in the chat to verify your identity. You must complete the OTP verification within 15 minutes. Once you've done that, you can start chatting with your Relationship Manager.
After Communication Channel is Established
- The Bank’s staff will never ask for sensitive information such as your HKID, account number or password, Personal Identification Number (“PIN”), one-time passwords (“OTPs”) generated with i-Token, credit card number, etc. Do not disclose or share such information with anyone, even BEA staff, under any circumstances.
- When you change your mobile number, please update your latest mobile number with us via online banking, in branch or contact our Private Bankers.
- Usage of OTP and i-Token
- Safeguard your two-factor authentication devices. Do not leave your security device (including your mobile phone with i-Token activated or capable of receiving SMS OTPs) unattended or allow anyone to possess or control your security device.
- Do not share any OTP sent to your mobile phone or provided by i-Token with other people.
- Do not install i-Token on any “jailbroken” or “rooted” devices.
- Carefully check the transaction details before entering your OTP or performing i-Token authentication.
- Fraud Prevention Information
- If you have suspicions about the identity of any apparent intermediary/ representative who promotes BEA products or services, you should immediately make a call to the Bank through official channels to verify.
- Notify the Bank immediately if you lose and/ or subsequently replace any identity documents which you registered with BEA when opening your account, or if you have any suspicion that your personal information, statements or account details may have been compromised or stolen.
- Beware of bogus SMS messages and voice message calls, and bogus telephone calls. They are usually associated with malicious intents, for example, frauds and scams, and/ or dubious marketing of lending activities. If you are suspicious about the identity of any callers, call the bank immediately through official channels to verify.
- If any sensitive personal and financial information has been divulged to the bogus callers and whether any potential financial loss has been resulted, please report to the police immediately and thus notify the Bank to take prompt and appropriate follow up actions to protect your interest.
- Beware of fraudsters who impersonate staff of the BEA Group. Beware of unauthorised share-trading transactions. If you notice any suspicious or unauthorised activity related to your account, you should make a call through an official channel and verify with the Bank immediately.
- To avoid being deceived by a message, verify the sender's identity through alternative channels before taking any action.
- Be wary of some potential phishing signals online. For example: suspicious sender addresses, email subject heading such as “Warning” or “FYI” with content requiring you to enter personal information or to click on a suspicious link; generic salutations, threatening or pressing language; badly written or badly spelled requests to provide sensitive information or instructions to open an attachment. In any such case, please verify the sender’s identity through their official channels or delete the message immediately.
- Before entering your credit card information and/ or an SMS OTP, please ensure the website is trustworthy.
- Keep alert when linking your credit card to any mobile payment service. An SMS will be sent to your mobile phone once your card has been linked successfully to a mobile payment service.
- Take precautionary measures to protect all mobile devices you own which can be used to access any BEA’s official mobile application or activated mobile payment service, and prevent others from accessing it.
- To avoid falling into the trap of any cyberscammers, it is recommended that you pay attention to the related materials and the latest news issued by Hong Kong Monetary Authority, Hong Kong Police Force or other authorized institutions.
- Our Advice on preventing Investment Fraud
- Do not connect to any websites or download any attachments by clicking on hyperlinks embedded in suspicious SMS messages, emails or web pages at will.
- You are advised to make investment through registered investment institutions.
- You may check out the public register of licensed persons and registered institutions on the website of the Securities and Futures Commission (SFC) (https://www.sfc.hk/en/Regulatory-functions/Intermediaries/Licensing/Register-of-licensed-persons-and-registered-institutions).
- You may enter suspicious phone numbers, web addresses or transferee’s account numbers on “Scameter” or “Scameter+”, the mobile app of “Scameter”, for security check (https://cyberdefender.hk/en-us/scameter/).
- Remind your relatives and friends to stay vigilant against deception.
- If in doubt, please call the “Anti-Scam Helpline 18222” for enquiries.
- More Security Information
To learn more about security issues, please click the following links:
Hong Kong Police Force:
- Beware of Technology Crimes
- What is Phishing Attack
- What is Online Account Hijacking?
- What is WhatsApp Hijacking?
Anti-Deception Coordination Centre’s anti-scam videos/alerts (in Cantonese with English caption)
- Latest Scam Alerts
- A-Shares Investment Fraud
- Telephone Deception
- Telephone Deception – Impersonating ADCC Officers
- Telephone Deception – Impersonating Bank Staff
- Telephone Deception – Impersonating Customer Service Staff of Short Video Platform
- Emotional Disturbances Faced by Scam Victims
- Employment Fraud
- Investment fraud
- Internet Investment Scams
- Celebrity Investment Scams
- Romance Scams cum Investment Scams
- Online Employment Scams
- Online Shopping Fraud
- Phishing SMSes/ Websites
- Hang up immediately when receiving calls purportedly from customer services! Even a kid knows that!
- Don’t join investment groups hastily! Even a kid knows that!
- Don’t make transfers hastily when there’re online shopping offers! Even a kid knows that!
For more details, please visit official website of ADCC (https://www.adcc.gov.hk/en-hk/home.html)
HKSAR Government:
Hong Kong Monetary Authority:
- Protect your Personal Digital Keys, Beware of Fraudulent Links! - Credit Card
- Protect your Personal Digital Keys, Beware of Fraudulent Links!
- Smart Tips on Using Net Banking Services
- Smart Tips on Using ATMs
- Smart Tips on Protection of Personal Digital Keys
- Smart Consumers Beware of Fraudsters!
- Scameter, Scan for Scam
- Scameter+
If you notice any suspicious transactions or receive suspicious transaction notifications, please call our 24-hour Customer Service Hotline (852) 2211 1333 immediately or visit any BEA branches. For suspicious transactions related to an ATM or BEA Online (including the BEA Mobile)/Corporate Cyberbanking/BEA Corporate Online, please complete a Report Suspicious Transactions Form for our handling. You can also call the Anti-Deception Coordination Centre (ADCC) on (852) 18222 for an anti-deception consultation service provided by the Hong Kong Police Force.