If you suspect that there has been any unauthorised access of your account(s) online, or that any online transactions has taken place which is not initiated by you, please call our Hong Leong Call Centre at + 84 8 7300 8100 from 7:00am to 7:00pm daily or email us at

How to indentify a scam?

HONG Leong Bank Security

Hong Leong Bank has incorporated the following security features:



Protecting You
From Phishing Scams

Online fraud such as phishing scams has been rampant around the world causing undue financial losses and distress that can be avoided with proper education and care. At Hong Leong Bank Vietnam, we are making it a priority to protect you, our valued customers from such threats. With your online security in mind, we hope to equip you below with practical tips on how you can prevent yourself from being a victim.

What is that?

Phishing is an automated form of social engineering used by fraudsters to deceive one to give away sensitive information. The initial phishing email is designed to entice the recipient to open the email and click on the fake link provided. The fraudsters use multiple methods to do this including enticing subject lines, forging the address of the sender, using genuine looking images and text and disguising the links within the email.

Other Common Internet Scams

Password Cracking

Password cracking is a common way to retrieve a Password by repeatedly trying to guess for the Password. The most common method of Password cracking is guessing and dictionary attack.

Keystroke Logging

Keystroke logging or more commonly known as key logging is a way of obtaining Passwords or info by capturing what user's type. It is a diagnostic tool that comes in the form of software or hardware (i.e. inserted in the keyboard).

Login Spoofing

Login spoofing is a way of obtaining a user's User Name and Password. The user is presented with the bank's Login page to prompt for the User Name and Password. When the User Name and Password are entered, the information is then passed to the attacker.

Shoulder Surfing

Shoulder surfing as it suggests, is a way of obtaining a user's User Name and Password by peeping.


Spyware is computer software that is often installed into the PC without user's knowledge and usually takes place during user's download of free software, games or subscribing to free online services from the Internet. Once installed, it does not only monitor user's surfing activity but also capable of retrieving any personal and sensitive information that is being transmitted on the Internet before it is sent in the background to interested parties.

Trojan Horse

Trojan horse is a type of malware (malicious software) which allows unauthorised access by attacker to user's computer and more often for the purpose of data theft (e.g. personal information, bank account numbers and Password). It can be spread through opening email attachment from unknown person or visit to unknown websites.

Mule Scam

As the result of responding to spam email or job recruitment that offers opportunities to make easy money, a person could fall for a mule scam. This person is known as "money transfer agent" or "money mule" whereby a mule's bank account is used to receive stolen money from phishing victims and such account also act as a transit prior to the funds being sent abroad and later to be withdrawn by the fraudsters.

common atm fraud

ATM Card skimming

A skimming device is used to copy an ATM card's security information on its magnetic stripe in order to reproduce the customer's information on a counterfeit card.

ATM Card jamming

An ATM's card reader is tampered with the intention to trap a customer's card. The criminal removes the card once the customer has walked away from the ATM Machine.

ATM Card swapping

A customer's card is swapped with another card without their knowledge during an ATM transaction.

Shoulder surfing & ATM Pin Number Compromising

An individual stands next to someone and observes as they enter a PIN number at an ATM machine. Shoulder surfing can also be done via long distance with the aid of either a binoculars or other vision-enhancing devices.


Telephone tapping is the unauthorised monitoring of telephone and Internet conversations and / or key tone by a third party. Phone Tapping is possible on a public switched telephone network and can be difficult to detect. To minimize the risk, consider disabling your mobile phone's Bluetooth connection to prevent any unauthorised access to signal sent from and to your phone.

Your Role

We've put together a guide to show you how to do your online banking safely.


Here are 14 tips for a safer banking experience, which you should keep as a constant reminder.

Always be vigilant

in keeping your personal and financial information secured.

Shred or securely Store

your printed statements.

Sharing is not always caring

Never share personal information such as your Username, Password, Transaction Authorised Code (TAC), Banking Account, Card Number and ATM / Debit Card PIN via emails or pop-up windows.

Don’t Click

on links provided in email / SMS / pop-ups. Always manually enter URL address in your internet browser.

Use a strong Password

Avoid choosing Passwords that are easy to guess. Create one using a combination of alphabets and numbers, which makes it harder to guess. Make sure you never write your Password down and that it’s changed regularly.

Check and monitor

your transaction records as often as you can! This way you will notice if there is anything suspicious.

avoid using public computers

when performing online transactions. Use your personal computer instead.

Disable the auto - complete
and auto - save function

for Usernames and Passwords.

Don’t Keep your cache

After every online session, clear your Internet cache. Usually this button is under the Internet Options section of your Internet browser.

Confirm the authenticity

of the webpage by checking the secured protocol on current domain (https://) and SSL certificate (represented by a padlock/key icon) besides the address bar on your browser

Be suspicious

of any unsolicited emails or calls that ask for confidential information no matter how real they may seem. If in doubt about the validity of a particular message, contact the company that supposedly sent you the message to make sure it's genuine.

Invest a little

on computer security such as personal firewall, anti-spy, and anti-virus software. Make sure it's updated regularly!

Do Not Use

any other bar code reader and NEVER RESPOND to any format of QR codes communication channel such as email, SMS or other methods.

Only Use

our Hong Leong Connect Mobile Banking to scan the QR Code at our authorised PEx+ Merchant. The QR code generated by PEx+ Merchant Terminal is unique and encrypted to be only read by Hong Leong Connect Mobile Banking application.