Accessibility Links

Accessibility Links

English 繁體版 简体版

Navigation Menu 1

General UsersYoungsters & StudentsParents and TeachersIT ProfessionalsSME
FAQ Search :
Change text size: Text Size: Default Size (A) Text Size: Larger (A) Text Size: Largest (A)
general user youngsters and students parents and teachers IT professionals sme

Navigation Menu 2


Protecting Against Phishing Attacks  


Recommendations for Organisations

Preventive Measures

  1. Inform users directly (e.g. disseminate information through monthly statements, leaflets, publications or websites) about the preventive measures that your organisation has implemented e.g. Your organisation

    • will not send emails with embedded hyperlinks to websites to its users; and

    • will not ask for users' personal information or account information such as user identity or passwords via email.

  2. Keep websites certificates up to date so that users are assured the legitimacy of the websites.

  3. Provide telephone number for users of the websites to verify and report for any suspicious email requests for information that claimed to be sent by the organisation, which shall be available for all time.

  4. Consider to register domain names that are similar to the one that is currently used by the organisation e.g. in addition to the original domain name "", domain names "", "", "" can also be registered.

  5. Develop a trademark for the domain name of the organisation and register it to minimise the risk of being misused or duplicated.

  6. Strengthen the security controls of the websites, applications and email systems of the organisation e.g. using technological solutions such as SSL, two-factor authentication, digital certificates, firewalls, anti-virus solutions, enhancing fraud monitoring or reporting mechanisms and so on.

  7. Strengthen the operational controls such as setting a lower limit on the maximum amount of transaction or fund transfer per day or pre-registration before authorised to perform certain types of online transactions via Internet.

  8. Educate users about the best practices that they should follow and observe when using your Internet services.

Back to Top Top

Detective Measures

  1. Monitor the Internet for fraudulent variations of your organisation's name, trademark, seal or website address.

  2. Monitor the Internet for phishing emails related to your organisation.

  3. Monitor the websites of your organisation for any suspicious activities.

  4. Identify and notify management of any reports of suspicious activities on websites or phishing emails.

Back to Top Top

Responsive Measures

  1. Issue promptly alerts to the users, related parties or even the public through press releases, website or postal emails about the fraudulent website and warn them not to respond to the suspicious or phishing emails.

  2. Report to the police and relevant organisations such as Hong Kong Monetary Association about the suspicious website.

  3. Advise users, who suspects to be defrauded, to change their passwords immediately and to contact the organisation or report to the police as soon as possible.

  4. Issue alerts to staff, administrators or service providers of the website of the organisation to strengthen security measures and to watch out for any suspicious activities.

  5. Stop further use of the secret code or device immediately when a loss, theft or possible compromise of a secret code or a device, is reported.

Back back to topTop

Footer Menu

Sitemap | Contact Us | Privacy Policy | Important Notices
General Users Youngsters & Students Parents & Teachers IT Professionals SME