Fraudulent calls, SMS, emails and promotional materials

Fraudulent calls, SMS, emails and promotional materials

Understanding fraudulent calls, SMS, emails and promotional materials

Fraudsters may pose themselves as staff of Hang Seng Bank or other financial institutions, and contact customers by phone call, SMS, emails, promotion materials or message from instant messaging app. By using fraudulent tactics (for example, offering attractive preferential interest rates), they induce customers to provide personal information such as ID card copies, payroll slips, proofs of address and bank statements to them for applying banking products including personal loans or credit cards. Meanwhile, fraudsters also ask customers to make deposits into designated account(s) as margin or service fee.

Fraudsters may claim unusual transaction record is identified in your bank account / credit card through pre-recorded message phone call, and then request you to provide them sensitive personal information such as account number, username and log-on password for “investigation”. They may even purport as courier company employee, government official, or your relative, friend or business partner and force you to provide personal information, or to transfer a sum of money to a designated bank account for various reasons.

In order to promote their reliability and reduce victim’s suspicion on their identities, fraudsters may show customers a highly-imitated staff card, name card or document proof of the institution they pretend, or behave as no fear on identity verification that providing you a fake staff number and fake identity verification hotline number in the process of pretending.

Identifying fraudulent SMS messages

To help the public verify if an SMS sender address is authentic for combatting fraudulent activities, the Office of the Communications Authority (OFCA), along with the telecommunications and bank industry, has established the SMS Sender Registration Scheme[1] (SMSRS).

To make it easier for you to identify if an SMS is from us, starting from 28 Jan 2024, we will be using registered sender IDs[2],[3],[4] with prefix "#" to send SMS messages:

  • #HASE
  • #HASEsecure
  • #HASEnotice
  • #HASEcomms
  • #HASEassure
  • #HASEshield
  • #HASEmemo
  • #HASEalert

Please note that the Scheme is not applicable to SMS messages that receiving parties are expected to reply to the senders via phone numbers; or local subscribers of Single-Card-Multiple-Numbers / One-Card-Two-Numbers mobile service provided by non-Hong Kong operators.

You can also check the participating organisations and their registered sender IDs on the OFCA website.

Identifying bogus call

You may spot bogus call with the below hints:

  • “Caller ID” includes a ‘+’ sign, which indicates the call is coming from outside of Hong Kong
  • A pre-recorded message notifying you on unusual condition of your bank account or credit card
  • Poor sound quality of the call, which sounds like long distance call
  • Caller refuses to provide the name of their department or a call-back phone number
  • Caller is focused on trying to sell you low-interest credit products or services, such as personal loans or refinancing loans
  • Caller is eager to complete the transaction and appears unwilling or unable to provide you with sufficient details about the product or service or its related Terms and Conditions
  • Caller asks for any sensitive personal data, such as log-in password or one-time password

Countering fraudulent calls, SMS, emails and promotional materials

To safeguard your interests, please consider adopting the below measures to avoid falling victim to bogus call and SMS:

  • If you are in doubt of the received call or message, write down the identity of the caller / sender and their phone number, then call customer service hotline / identity verification hotline from associated organisation and provide the aforementioned information for confirmation (Hang Seng: Customer Service Hotline (852) 2822 0228, press "#" and then "9" after selecting language; Other Hong Kong registered bank: refer to information from the Hong Kong Monetary Authority)
  • Ask callers how they have your phone number and account information. Terminate the call immediately if they refuse to reply
  • If you are in doubt of promotional materials you've received, please call respective customer service hotline or visit our branches for confirmation
  • Ask callers how they have your phone number and account information. Terminate the call immediately if they refuse to reply
  • Do not just identify caller’s identity by caller ID as caller ID is possibly manipulated
  • Never disclose any sensitive personal data (e.g. log-in password or one-time password) to caller in any circumstances
  • Do not provide caller the full set of personal data item (such as identity card number) per their request. Financial institution staff usually provide partial of the requested personal data they have in the identity verification process
  • Never make deposit into account of an individual or a company in the application process of our banking products
  • Before opening a hyperlink in a text message, you can use the "Scameter" launched by the Hong Kong Police Force to evaluate the security risks of the website
 
If you believe the SMS, email or promotion materials claiming to be from Hang Seng Bank is bogus, you can report a case to us by forwarding the message to phishing@hangseng.com.

Things to note:

  • Ensure you copy the full voice message, SMS text, email, promotion materials or website address (URL) into the body of the email
  • Do not send any sensitive personal information within the email
  • Please note phishing@hangseng.com is an automated inbound mailbox only. You will receive an automated response from us when we have received your email
 

Hang Seng would like to notify customers that the Bank has not authorised or appointed any intermediary companies to make calls or send messages to promote its personal loans, tax loans or credit cards. The Bank does not reach customers by a pre-recorded message on unusual account condition. Hang Seng and its staff members never request customers to make deposits into any account of an individual or a company when assisting you in application of banking products or services. The Bank would send message to or call your mobile phone number in our record for parts of card and banking transactions.

Footnote

Remark(s)

  1. Major telecommunications service providers have joined the Scheme since 28 Dec 2023. Other telecommunications service providers will follow progressively.
  2. For normal forwardable SMS, such as marketing and servicing-related, the primary sender ID is #HASE and the contingency sender ID is #HASEcomms.
  3. For non-forwardable SMS, such as one-time password, the primary sender ID is #HASEsecure, and the contingency IDs are #HASEassure, and #HASEshield.
  4. For dual-forwardable SMS, such as transaction notification, the primary sender ID is #HASEnotice, and the contingency IDs are #HASEmemo and #HASEalert.