Online Business Banking Security Tips

• You receive an email, SMS or phone call claiming to be from HL Bank, asking you to provide personal financial security information. 
• You receive emails or SMS containing a URL internet link which may lead you to a fraudulent unsecured login site.
  
• You receive emails requesting you to open attachments or free software that may contain malicious software like viruses, spyware and trojans that are designed to monitor, alter, steal, destroy or abuse your corporate and personal data for unintended uses.
• Pop-up messages and/or advertisements asking for personal or corporate financial information are likely fraudulent, so it's better to just close them.

HL Bank has incorporated the following security features:

• 8 – 32 characters of alphabets and numbers User ID for all HLB ConnectFirst customers.
• 8 – 12 characters of alphabets and numbers and is optional to add special characters Password for all HLB ConnectFirst customers.
• HLB ConnectFirst will automatically log off if there is no activity performed after a while.
• HLB ConnectFirst will be deactivated (dormant) if you do not login for 365 days.
• Your ID will be automatically blocked upon 3 unsuccessful attempts to log in.
• Up to 256-bit encryption with 128-bit minimum enabled by EV SSL certificate to secure online transactions.

Security eToken:

Precaution tips to safeguard the Security Token, Security Codes in order to prevent unauthorised and fraudulent use of HLB ConnectFirst:

• Do not disclose the Security Codes or cause the Security Codes to be disclosed to anyone;
• Do install the necessary anti-spyware and firewalls so that the equipment from which you are accessing to HLB ConnectFirst will not allow recording of the your transaction activities;
• Do always log in to the correct URL (http://www.hlbank.com.sg);
• Do not utilise HLB ConnectFirst through Internet cafes , public computer or an unsecured wireless (WiFi) network ; Change the Password(s) on periodically or when prompted;
• Do memorise the Security Codes and not recording them;
• Do inform our Customer Service at +65 6349 8330 or email us at Call-Centre@hlbank.com.sg immediately if there is any suspicion that any Security Codes has been disclosed to a third party and/or if the Security Token is lost or misplaced by the Customer, to enable HLBS to prevent fraudulent or unauthorised use of HLB ConnectFirst;
• Do sign out of HLB ConnectFirst when stepping away or leaving the access terminal unattended;
  
• Do use only your access information and devices as designated. Do not share your access with any other person or colleague.
• Do notify the bank immediately should you encounter potential security issues such as loss of security token, suspected unauthorised access etc.

Protecting You from Phishing Scam

Online fraud such as phishing scams have been rampant around the world causing undue financial losses and distress that can be avoided with proper education and care. At HL Bank, we are making it a priority to protect you, our valued customers from such threats. With your online security in mind, we hope to equip you below with practical tips on how you can prevent yourself from being a victim.

What is Phishing?

Phishing is an automated form of social engineering used by fraudsters to deceive one to give away sensitive information. Initial phishing emails are designed to entice the recipient to open the email and click on the link provided. The fraudsters use multiple methods to do this including enticing subject lines, forging the address of the sender, using genuine looking images and text and disguising the links within the email.

Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution/ individual to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details and passwords.

Malware is short for Malicious Software. The commonly known malwares are like viruses, worms and trojan horses. Malware is any kind of hazardous software that is installed in your electronic device without your knowledge or consent.

From email with Website URL hyperlinks or attachments: Opening an email attachment or clicking on a hyperlink may contain and allow the malware to be installed into your PC, smartphone or tablet devices.

When receiving an email with a hyperlinks or an attachment, if the email was not expected or from someone you don't know, delete it. If the email is from an organization or someone you know and you’re not expecting it or requested for it, be cautious too; do not click on the given hyperlink or open the attachment as instructed , contact the sender to verify beforehand

From mobile SMS or MMS with website URL or attachments: Same as above emails with hyperlinks or attachments.

From instant mobile or web messaging with website URL or attachments: Same as above emails with hyperlinks or attachments. Examples of instant messaging are WhatsApp, Twitter and Line.

Accepting without reading: A user accepts what is prompted on the screen without reading the prompt or understand what it's asking. For example: while browsing a webpage, an Internet advertisement or window appears that says your computer is infected with a virus or malware; you have won a prize; asking to complete a survey or that a unique plug-in is required. Without fully understanding what it is you're getting, you accept the prompt that will install a malware.

Downloading applications (apps) from a website: Only download programs only from reputable websites and with a valid digital signature. If you are unsure, leave the site and research the website and the software you are being asked to install. If it is OK, you can always come back to site and install it.

Files that don’t have a digital signature or were downloaded from an unknown source should always be treated as dangerous.

Not running the latest operating system, web browser or application updates: Running a web browser, applications or operating system that is not up-to-date with the latest updates can be a big security risk and can be a way your computer becomes infected.

Some of the updates from your computer, smartphone/mobile, tablet device manufacturer, web-browser or application provider (e.g. Microsoft, Apple, Blackberry, Samsung, LG, Adobe, Google, Mozilla etc), are security updates. Make sure you perform and have the latest updates to minimize the risk of malware infections.

No antivirus scanner: It's highly that recommended you have some form of antivirus on your computer, smartphone/mobile or tablet devices to help clean it from any infections currently on the computer and to help prevent any future infections.

Never click on unknown website link or open an attachment sent via email, SMS, Twitter, WhatsApp or other popular text/instant communication applications, especially when the content is related to financial matters.

Be a smart surfer when browsing websites that are new to you, be careful of any pop-up window that request for your personal information or prompts you to use certain program.

Be very selective of the files or programs that you would like to download, always double-check the genuineness of the website and the source, even if it comes from your friends.

Keep your operating system, internet browser, applications and firewall up to date.

Install robust anti-virus, anti-spyware and firewall software on your computer and other devices and configure it to update automatically in regular intervals.

Run full system scan periodically to remove any new found virus or malware, and you must reset your password and clear all browser caches, history, cookies, before you login to your online banking again.

High frequency of apps crash unexpectedly.

Device battery drains out quickly.

Pop-up notification or advertisement to install other apps.

Overall device performance becomes sluggish without apparent reason.

Outgoing and incoming SMS/calls being disrupted.

Do not respond to any form of pop-up screen or window or additional web pages asking for your personal info and smartphone platform (Android, Windows, etc).

Do not simply download and install/update any app on your computer or mobile/tablet devices without verification.

Do not root or otherwise 'Jailbreak' your computer or mobile/tablet devices and avoid side loading (installing from non-official sources).

Notify the Bank immediately when you came across anything suspicious or unusual web pages asking for personal information when you are about to login to your HLB ConnectFirst.

You are advised not to proceed with your online banking transactions until your computer or device has been checked and disinfected.