SPECIFICALLY FOR HONG LEONG CONNECT USERS

 

1. ALWAYS MANUALLY ENTER www.hongleongconnect.my into your internet browser.

 

2. CONFIRM THE AUTHENCITY of the login page by observing that the address bar shows https://s.hongleongconnect.my/rib/login/login.do and that there is a padlock icon next to it.



Click on the padlock and check that the web certificate is issued to s.hongleongconnect.my before proceeding to log in.

Internet Explorer

 

Mozilla Firefox

 

Chrome

 

Safari

 

Opera

 

3. ENSURE YOUR CORRECT SECURITY PICTURE APPEARS before entering your password.


Sample image which you have selected

 

4. SEEK VERIFICATION directly with Hong Leong Bank by either contacting your bank's customer service or branch number that you normally use when in doubt.

 

 

HOW TO PROTECT YOURSELF FROM PHISHING SCAMS

 

1. ALWAYS BE VIGILANT in keeping your personal and financial information secure as well of latest Internet threats through Malaysian Computer Emergency Response Team (MyCERT) at http://www.mycert.org.my.

 

2. BE SUSPICIOUS of any unsolicited emails or calls that ask for confidential information no matter how real they may seem. If in doubt about the validity of a particular message, contact the company that supposedly sent you the message to make sure it's genuine.

 

3. NEVER DISCLOSE your personal information such as User Name, Password, Transaction Authorised Code (TAC), MyKad, Banking Account or Card Numbers via emails or pop-up windows.

 

4. DO NOT CLICK on links within emails / SMSes / pop-ups. Always type in the web address yourself.

 

5. LOOK OUT for the padlock icon on web sites that require personal information. Click on it to view the Web Certificate to verify the authenticity of the page.

 

6. MANAGE YOUR PASSWORDS WISELY - avoid choosing passwords that are easy to guess, refrain from writing them down on paper and ensure that you change them frequently.

 

7. CHECK AND MONITOR your transaction records for any suspicious transactions.

 

8. BE MINDFUL ON HOW YOU DISPOSE / SAFEKEEP your printed statements. Shred them or file them securely.

 

9. AVOID USING PUBLIC COMPUTERS when performing online transactions. Use your personal computer instead.

 

10. DISABLE THE AUTO-COMPLETE & AUTO-SAVE FUNCTION for user names and passwords. If you are using Internet Explorer, disable it by clicking Tools > Internet Options > Content > Auto-Complete. Uncheck option "User names and passwords on forms" and click on "Clear Password". Click "OK" to save your settings. In the event being prompted, do not tick the "remember this password" box.

 

11. ALWAYS CLEAR YOUR INTERNET CACHE after you have logged out from an online session. If you are using Internet Explorer, you can do so by clicking Tools > Internet Options > Delete Cookies and Delete Files.

 

12. INSTALL COMPUTER SECURITY APPLICATIONS such as personal firewall, anti-spy and antivirus softwares. Update the versions and scan your computer regularly.

 

How to identify a scam?

• You receive an email, SMS or phone call claiming from HLBB, asking you to provide personal financial/security information or TAC


• You receive emails or SMS containing an URL internet link which will lead you to a fraudulent unsecured login site


• You receive emails requesting you to open attachments or free software that may contain malicious software like viruses, spyware and trojans that are designed to steal your personal data


• Pop-up advertisements asking for personal or financial information are likely fraudulent, so it's better to just close them

 

Password Cracking

• Password cracking is a common way to retrieve a password by repeatedly trying to guess for the password. The most common method of password cracking is guessing and dictionary attack.

 

Keystroke Logging

• Keystroke logging or more commonly known as keylogging is a way of obtaining passwords or info by capturing what user's type. It is a diagnostic tool that comes in the form of software or hardware (i.e. inserted in the keyboard).

 

Phishing

• Phishing is an online identity theft scam where attackers send emails or sms that look like they are from the bank, requesting for sensitive personal information.

 

Login Spoofing

• Login spoofing is a way of obtaining a user's User Name and password. The user is presented with the bank's Login page to prompt for the User Name and password. When the User Name and password are entered, the information is then passed to the attacker.

 

Shoulder Surfing

• Shoulder surfing as it suggests, is a way of obtaining a user's User Name and password by peeping.

 

Spyware

• Spyware is computer software that is often installed into the PC without user's knowledge and usually takes place during user's download of free software, games or subscribing to free online services from the Internet. Once installed, it does not only monitor user's surfing activity but also capable of retrieving any personal and sensitive information that is being transmitted on the Internet before it is sent in the background to interested parties.

 

Trojan Horse

• Trojan horse is a type of malware (malicious software) which allows unauthorized access by attacker to user's computer and more often for the purpose of data theft (e.g. personal information, bank account numbers and password). It can be spread through opening email attachment from unknown person or visit to unknown websites.

 

Mule Scam

• As the result of responding to spam email or job recruitment that offers opportunities to make easy money, a person could fall for a mule scam. This person is known as "money transfer agent" or "money mule" whereby a mule's bank account is used to receive stolen money from phishing victims and such account also act as a transit prior to the funds being sent abroad and later to be withdrawn by the fraudsters.

 

Hong Leong Bank has incorporated the following security features:

 

• 128-SSL bit encryption key to encrypt all the communicated data / account via Online Banking.



 

• 8 character alphanumeric password for all online customers.



 

• One time Internet PIN for registration with Hong Leong Connect Online Banking and to reset your password.



 

• Transaction Authorisation Code (TAC) is required to authenticate selected financial transactions as a second layer of security.



 

• Security Pictures to confirm that you are accessing the genuine Hong Leong Connect Online Banking site.



 

• All financial transactions transacted via Hong Leong Connect Online Banking are capped at specific limit to prevent excessive withdrawal should fraud activity takes place.



 

• Automatic lock out to prevent further access to Hong Leong Connect Online Banking account after 3 consecutive attempts to enter the correct password.



 

• Customer's online session with Hong Leong Connect Online Banking will be automatically terminated after 5 minutes of inactivity.



 

• Access to Hong Leong Connect Online Banking will be deactivated after 3 months of inactivity.



 

• For Cyber Security information, please click here.



 

If you suspect that there has been any unauthorised access of your account(s) online, or that any online transactions has taken place which is not initiated by you, please call our Hong Leong Call Centre at 03-7626 8899 from 7:00am to 12:00am daily or email us at HLOnline@hlbb.hongleong.com.my.