You're about to leave our website

This hyperlink will bring to you to another website on the Internet, which is published and operated by a third party which is not owned, controlled or affiliated with or in any way related to Standard Chartered Bank (Hong Kong) Limited or any member of Standard Chartered Group ( the "Bank").

The hyperlink is provided for your convenience and presented for information purposes only. The provision of the hyperlink does not constitute endorsement, recommendation, approval, warranty or representation, express or implied, by the Bank of any third party or the hypertext link, product, service or information contained or available therein.

The Bank does not have any control (editorial or otherwise) over the linked third party website and is not in any way responsible for the contents available therein. You use or follow this link at your own risk. To the extent permissible by law, the Bank shall not be responsible for any damage or losses incurred or suffered by you arising out of or in connection with your use of the link.

Please be mindful that when you click on the link and open a new window in your browser, you will be subject to the terms of use and privacy policies of the third party website that you are going to visit.


Proceed to third party website
Computer, Electronics, Laptop

Online and mobile security

We take protecting your finances seriously. All day, every day.

Fraud and scam types

How we protect you

Protecting yourself

Fraud and scam types

Social engineering

What is social engineering?

Cyber criminals often employ the use of social networks to gather your personal information. Utilizing social skills, they will attempt to win your trust and trick you into sending money or disclosing sensitive information.

Fraudsters commonly use fake phone calls, text messages and emails impersonating government officials and organizations convincing you to give them sensitive information such as usernames, passwords and credit card details. Check out below for more information on different forms of social engineering.

Impersonation scam

What is impersonation?

There are many kinds of impersonation scams but they all work the same way: a scammer pretends to be legitimate government agencies, organizations or someone you trust to convince you to send them money or disclose sensitive information. Here are some types of scams that you should be aware of to better protect yourself.

What to watch out for:

  • Unexpected calls or emails threatening action against you
  • Urgency – Requiring you to pay to resolve the issue
  • Fake bank staff – Fraudsters may identify themselves as bank staff and ask you to provide personal particulars and financial information, or even perform transactions in the call.
  • Fake law enforcement officials –Fraudsters make false criminal accusations implicating the victim and coerce them to transfer fund to designated accounts or share account credentials in order to prove their innocence.
  • “Guess-Who-I-AM” phone scam – Fraudsters pretend to be family member or someone you know and make up story tricking you into sending fund

What you can do:

  • Take your time and think. Make sure it is a legitimate caller
  • Seek advice. Speak to friends or family
  • Hang up. If you are still concerned, call back the relevant organisation on their public listed number
  • Do not rush into making payment or providing sensitive personal information easily over an unsolicited call.
  • Law enforcement officials do not call individuals and demand or request money from them under any circumstances.

Phishing scam

What is phishing?

Phishing, a form of social engineering, is a cyber crime where fraudsters try to obtain your personal information by email. Fraudster may also contact you through messaging apps, SMS or phone calls. The information can be used for identity theft, payment scams and credit card fraud as well as many other forms of cybercrime. Malicious links or attachments are often included in phishing and vishing messages, designed to steal your information or infect your system with malware (malicious software).

Watch out for cybercriminal! Here are the recent SMS Phishing attacks:

The above Phishing SMS messages make you feel suspicious and confused, which induce you to reply via hyperlinks. Never reply or click on any link in this type of SMS message. Clicking on the link or replying to this message could:

  1. Lead you to a fake website asking you to input personal information, e.g. bank account credentials.
  2. Download malicious software (malware) to your phone. This malware might appear to be a legitimate app, which then prompts you to input personal information and send it to cybercriminals.

Five common characteristics of phishing messages:

  1. The name of the addressee is not specified (i.e. an undisclosed recipient).
  2. The name and email address of the sender may be exactly the same as the genuine information of the related bank.
  3. The email usually appears as an important notification from the bank (e.g. “Notification for a huge amount of fund transfer in the customer’s account” or “Request the customer to activate a new security function, otherwise, a specific banking service (such as fund transfer service) will be suspended”). The customer will be requested to click the hyperlink or open an attachment in the email.
  4. The email normally carries a hyperlink which looks like a genuine website address of the bank. However, when mouse-over the hyperlink, you will notice that the actual hyperlink embedded is another URL.
  5. Grammatical mistakes or typos may be found in the email.

Malware attack

What is malware?

Short for ‘malicious software’, malware is an intrusive programme installed on your computer or smartphone, often without your knowledge or permission. Once installed, it enables cyber criminals to commit fraud, like steal your banking credentials, run payment scams or hijack your system for a ransom.

Understand the common types of malware

  • Virus: infects files and software, and spreads to other computers in the network
  • Spyware: spies on your online activities and collects your information
  • Ransomware: encrypts information and keeps it from you, in exchange for money
  • Trojan: disguises itself as a legitimate software to modify, destroy or steal

Be aware of the latest types of scams

Visit the sites below to learn how to protect yourself

How we protect you

SMS & email notification

We better protect you through SMS & email notification by:
  • Removal of clickable phone numbers in bank-sent emails and SMSes
  • We no longer send any clickable links via SMS or emails.
  • If you receive any SMS or email with a clickable link, please do not click and contact us immediately.
  • We have registered SMS sender ID, our one-way SMS to Hong Kong mobile numbers will be sent under any one of the following sender IDs registered by the bank:
    • #SCBHK
    • #SCBHKinfo
    • #SCBHKsms
  • Learn more

Monitoring and alert

We maintain a secure system
  • Advanced 24/7 monitoring
    • All systems and activities are closely monitored by our team of professionals who are dedicated to proactively detecting and defending against threats, and resolving issues.
    • We monitor threats and online activity around the clock to detect any scams early and take preventive measures to keep your account safe.
  • Instant alert
    We provide text messages, push messages and email alerts to notify you when important information changes or transactions are made using your account, including but not limited to:

    • Make payments and transfers through your account
    • Modify limit
    • Change account information

Cooling off period

Accounts are protected by a cooling-off period

After SC Mobile Key registration or re-registration and initiating identified high risk instructions (e.g. add new payee, fund / payment transfer, increase transfer limit, etc), your Digital Banking account may be suspended due to security reason. Please call our hotline 2886-8862 for identity verification. The bank will re-activate your Digital Banking account after verification, and you could re-initiate the instruction thereafter.

Suspected scam

Suspected Scam / “High Risk”? Check it out with “Scameter”!

Click HERE to visit Scameter website of the Hong Kong Police Force.

As there is an increasing trend of fraud cases related to payments, remember to double check the transaction details and the payee is trustworthy before you proceed with the transaction.

If you have any doubt with the payee details,  or receive the alert message flagging the payee’s information as “High Risk” when making the transaction instruction, you can visit the Scameter website of the Hong Kong Police Force to learn more.

Scameter is the one-stop search engine provided by the Police Force to help the public identify frauds and online pitfalls. When you encounter suspicious calls, online sellers, friend requests, job ads, investment websites, etc., you can enter the platform account name or number, payment account, phone number, email address, URL, etc. to assess the risk of fraud and cyber security.

Online security

Strong technical support
  1. Firewalls and encryption
    1. All data transferred between Standard Chartered and customers is protected with state-of-the-art 256-bit encryption. Even if the data is intercepted during transmission, advanced encryption technology ensures that outsiders cannot use it.
    2. A strong firewall protects our banking systems from external threats and risks.
  2. Advanced certification
    1. You can only try to log in three times. If you fail to log in three times, we will temporarily deactivate your account to prevent fraudsters from cracking your password. To reactivate, call the number on the back of your card or statement.
    2. When you request the following services in Standard Chartered Bank Online Banking, the bank will request you to authenticate via SC Mobile Key or send a 6-digit one-time password (OTP) and some transaction details to your mobile phone via SMS
    3. In some cases, we also require additional passwords for step-up authentication.
    4. Advanced authentication technology ensures that only you, the authorized user, can connect to your account.
How we protect your data
  1. Protect your bank account
    1. We will never ask for your account information and password over the phone, email or text message.
    2. Please note:
      1. Messages without calling you by your name
      2. An email address that does not match the person or organization it purports to be
      3. Messages with poor spelling and grammar
      4. Messages claiming you have won a prize or instructing you to click on a link
      5. We also will not direct you to a website to enter your username and password. Your password and PIN are private to you – never reveal them to anyone.

Protecting yourself

SC Mobile Key and push notification

Why you need to have SC Mobile Key
  • Strengthen login security
    You will be prompted with a notification instantly for any online or mobile banking login.
  • Prevent stealing of your account
    When performing high risk transactions such as adding a new payee or updating personal details, you are required to input a 6-digit PIN for authentication. This can prevent your account from being fraudulently used.
  • Enable in-app alerts
    You can be assured all messages received via Push Notification are from our secured source.
  • Learn more

Be aware and never share

What should you do:
  • Be careful about sharing personal informationlike your full name, date of birth, address, mobile, phone number or ATM card number. These details could be used to steal your identity.
  • Never respondto unsolicited emails, phone calls or texts. Scammers are clever at impersonating someone you trust, such as a police officer or a Bank representative.
  • Beware of payment or fund transfer requests from people you don’t know. If you are unsure, speak to someone you trust or contact us before making any payment or cash transfer.
  • Watch outfor unauthorized cash deposits or withdrawals on your account, they could be fraudulent transactions.
  • If you receive a suspicious email, text or phone call allegedly from the Bank, please check the identityof the sender or caller with us immediately.

Update your apps and always log out

What should you do:
  • Start by regularly updating the apps and anti-virus softwareon your mobile phones, tablets and laptops.
  • Only download the SC Mobile App through the 4 authorised channels found here– never from third-party sites.
  • When making a transaction, remember to double check the detailsbefore you press the submit button.
  • Always log outof the SC Mobile app or Online Banking session after use and never leave it running in the background.

Always ensure your password is secure

Tips for you to protect your PIN/password
  • Why do I need a strong password?
    Cyber criminals comb the internet and social media to find your personal information. So ensure you have a strong password to deter them. Weak passwords are uncomplicated and commonly used, for instance 12345678, or associated with your personal data, such as names or birthdays. As a matter of fact, it only takes a fraction of a millisecond to crack an uncomplicated 7-character password.
  • How you can secure your personal information
    • Do not use the same password for multiple sites or accounts. Ensure the password used for your Standard Chartered banking account is unique from your online and social networking accounts.
    • Keep all passwords safe and confidential. Standard Chartered may verify the number of accounts you have, but we will never request your login credentials, whether by phone, email or text.
    • Strengthen your password by using a combination of upper and lower case characters, numbers and special characters. Likewise, a 12-character password is significantly stronger than 7 characters.
    • Memorise your banking password. Never write it down or store it on your devices. Additionally, make it a point to update your password regularly. Change the password immediately if you think it has been compromised.
    • When inputting your PIN/password for the use of Standard Chartered Banking services safeguard them by keeping them away from prying eyes.
    • Never share or allow anyone to use your PIN/password or One-time Passwords (OTPs).

Browse securely

Make sure you are browsing in a safe and secure environment.
  • Never connect to unknown and unsecure Wi-Fi networks when carrying out online banking. If you are using your home network, ensure your router is secured.
  • Never use a ‘jailbroken’ (iOS) or ‘rooted’ (Android) device for your banking transactions. They make it easier for hackers to access and manipulate your phone’s operating system.
  • Ensure your phone’s operating system is updated regularly to fix any security gaps. Cyber criminals can exploit any software vulnerabilities to access your phone without your knowledge.

Stay vigilant against scam

More tips for you:
  • Authenticate the identity of the caller or sender.
  • Look carefully at the sender’s address for lookalike domains (e.g. john@standardchartd.com), and never respond to, click on hyperlinks or download attachments in unsolicited emails, messages or phone calls.
  • Avoid simply relying on the incoming call display to establish the true identity of the caller or directly calling the bank hotline numbers provided in the messages and following the given instructions.
  • We do not provide advice and recommendations on individual stocks through any communication channels, including phone calls and instant messaging apps (e.g. Whatsapp and WeChat). Be aware of possible ramp-and-dump scam.
  • Watch out for any message which pleads for assistance, invokes a sense of fear, urgency or curiosity, it might be a SMS phishing attempt to steal your personal information or commit fraud.
  • Never download files (including email attachments) without verifying that they are from a legitimate source. To access our banking services or resources, visit our website at https://www.sc.com/hk/.
  • Delete junk and chain emails. If you have opened one, do not click on any links or download any attachments. To change your Online Banking password, use our Online Banking login webpage. Never change it via any email links.
  • Beware of cyber criminals who use a fake identity to start a relationship with you, this is known as catfishing. Their aim is to scam you of your money once they have earned your trust. Tell-tale signs include a reluctance to meet up in person or a lack of friends on their social networking account.
  • Keep potential fraud and spam out of your regular email inbox by creating a separate email account for social networking purposes. Never click on hyperlinks or download attachments in unsolicited emails.
  • Keep your social networking accounts private and restrict them to friends and family only. This makes it harder for cyber criminals to monitor your online activities on these platforms.

Looks suspicious? Make sure you reach out to us!

  • Credit / ATM card PIN
    If you suspect your Credit / ATM card PIN has been compromised, you can login to Online Banking or SC Mobile App to deactivate your Credit / ATM card.
  • Credit / ATM card transaction
    • If you do not recognize or feel suspicious about a Credit Card transaction, you can login to Online Banking or SC Mobile App to submit transaction dispute.
    • If you do not recognize or feel suspicious about a ATM Card transaction, you can visit here to submit transaction dispute.
  • Online Banking / SC Mobile App account / Online Securities Trading / SC Equities
    • If you suspect your Online Banking / SC Mobile App account / Online Securities Trading / SC Equities account credential (including username and/or password) have been compromised, you may call (852)2886-8862 to suspend your digital banking account.
    • When you think your account is safe or recovered, please call our hotline (852)2886-8868 to unlock it.
  • For any other doubt, please contact us immediately at (852)2886-8868 or visit any of our branches.

Remember, Standard Chartered will neither never request for your password or security information by phone call, email or SMS., nor do we notify anyone of account irregularities through pre-recorded voice messages. Also, we would not include hyperlinks in our communications (e.g. SMS or email) requesting you to log in to Online or Mobile Banking.