How to keep your mobile secure
Your mobile contains a lot of valuable and sensitive information. Don't let it fall into the wrong hands. Here's how you can keep your mobile safe.
The majority of online activity is done on mobile devices. That includes browsing, communicating, posting on social media, as well as making financial transactions. That’s why you are encouraged to use your mobiles with a high level of vigilance and cyber protection.
Browse smartly
- If you use the HSBC Malaysia Mobile Banking app, be sure you download it only from official app stores
- Customers should not disclose their online banking credentials to third parties. Please note that HSBC is not affiliated with any third party aggregator mobile apps
- Always look for a closed padlock on the left side of address bar when you are using your internet browser. This is one of the indications that the site is secure
- Only use trusted Wi-Fi networks or service providers
- Use security protection such as Wi-Fi Protected Access (WPA), if possible
- Disable Bluetooth if you are not using it so that your device is not discoverable
Be cautious of using any VPN
A "Virtual Private Network", or VPN, is a software that allows you to mask your computer's location or log on to sites as if your computer is based in another country or region.
VPNs have hidden dangers
- Malware hidden inside VPNs can steal your data, which can then be used to hijack your online accounts, steal your money (bank and credit card details), steal your digital goods or products, or lock or encrypt your devices in exchange for a payout (e.g. ransomware), and more.
- VPNs can also hijack your browser, redirecting it to other sites without your permission, which can further lead to fraud risk.
If you really plan to look for a VPN, you are advised to consider a high-quality VPN made by well-known providers or antivirus-software makers which meets your needs.
Be vigilant if your mobile is suddenly out of signal
With more people using mobile devices to perform banking transactions, fraudsters have begun to use a technique known as a "SIM-swap".
Basically, the criminal will call your mobile service provider claiming to be you to report lost and request for a replacement SIM card. If they are convincing, the mobile service provider will deactivate your SIM and issue a new one to the fraudster, who can then execute banking transactions that require OTP authorisations.
Please be alert and reach out to your mobile provider immediately if you suddenly lose network connectivity and stop receiving calls or text messages for unusually long periods.
Also, please change the password you use for accessing the mobile service portal. This is because fraudsters can easily activate an SMS forwarding service or enquire SMS content by logging on to the portal which are commonly provided by some mobile service providers today.
It’s also recommended to not switch off your phone in the event that you are receiving numerous unknown calls. This is because it could potentially be a ploy to make you turn off your phone so that you would not notice a tampered network connection.
Maintain your device
- Install the latest anti-virus and anti-spyware software on your phones and tablets, and keep it updated. Always use a reputable brand from a mainstream supplier when you are installing protection
- Install updates and patches to your smartphone and tablet regularly, including upgrades/updates to your operating system (OS) and other mobile applications
- Set up auto-lock and passcode lock to prevent unauthorised access to your devices
- Do not use security loopholes to log on to HSBC Mobile Banking on jail-broken/rooted handsets or tablets. Please note that HSBC mobile app do not run on jail-broken/rooted devices
- Install apps on your phones or tablets from trusted sources only. Understand the permissions of mobile apps before you accept and install them
- Turn off accessibility settings for the third-party apps
Accessibility services help users with disabilities or users who may find it hard to interact with the device fully. These services, such as screen readers and text-to-speech, promote inclusion. They need extensive permissions to apps to read the text on the screen or record characters typed with the keyboard on the device. But fraudsters can exploit these services to record confidential data such as your mobile banking credentials. This could lead to your financial information being leaked.
Protecting your Android devices from malware
From 28 May 2024 onwards, we'll roll out a new safety measure to the Android version of the HSBC Malaysia Mobile Banking app. This will help us better protect you from potential fraud due to malware.
So if you’ve turned on accessibility permissions for certain apps on your Android device, you won't be able to use the HSBC Malaysia Mobile Banking app. You'll get an alert about this before the app closes. To open the app and continue using it, you must turn off the accessibility permissions for those apps and / or uninstall them.
Be vigilant
- Do not store your username and password for HSBC Mobile Banking and other private services on your mobile handset or tablet
- Avoid sharing your device with others and do not use other people’s devices to log on to your private accounts
Some online services might request you to upload a scanned copy of your ID via their mobile apps. Protect your ID copy and treat it with the same caution same as your physical ID card. Do not store your ID copy on your mobile device and don't share it with people you don't trust. Do not scan your ID copy to any untrusted apps.
Biometric Authentication
The new iOS Face ID lets you authenticate your identity and access your mobile banking in seconds, just by looking at your screen. You can also log on to our app and confirm transactions using fingerprint authentication with iOS Touch ID and Android™1 Fingerprint ID.