Background


As a global financial institution, FWD is always concerned about security. The growth of the Internet has offered greater flexibility for all of us, but it also brings new risks that we must be aware of and guard against. FWD provides the following general information to address any concerns that you may have around online security.

FWD makes every effort to provide optimal security to your data and to all transactions as protecting our clients is just good business for us. However, no matter how hard we work, there are still some risks online, and you can take some action to protect yourself. Here we provide some information to help you to protect yourself.

  • Latest Key Security Issues
  • FWD's Standard Practices
  • Verifying Websites
  • Protecting Yourself
  • Reference Sites
  • Contact Information

Latest Key Security Issues


From time to time we will provide information on security related issues that we feel you should be aware of. These security updates will be presented on this page.

Phishing


A phishing attack is an online fraud technique which involves sending official-looking email messages with return addresses, links and branding that all appear to come from legitimate banks, insurance companies, retailers, credit card companies, etc. Such emails typically contain a hyperlink to a spoof website and mislead account holders to enter customer names and security details on the pretence that security details must be updated or changed. Once you give them your information it can be used on legitimate sites to take your money. It is important that you should be alert to any emails asking for your information; see more on "FWD's Standard Practices" in the next section.

Advance Fee Fraud


You may have already heard of 'advance fee fraud', where emails offering large sums of money are sent to thousands of email addresses, but a modest "fee" is required in order to cover legal fees, account opening or customs charges.

Sometimes the money offered is a result of a lottery for which you have never bought a ticket. Sometimes the money is held in an account overseas but the account owner cannot access it, they promise a percentage of the money in return for your help. In both cases, you may be requested to pay various fees in advance.

Do not respond to these emails. They are part of a fraud and you will not receive any of the promised money.

FWD's Standard Practices


FWD may communicate with clients by email on occasion, so how can you tell which emails are from us, and which are fraudulent?

FWD will address you by name in emails that require response from you through email or any action from you over the internet.

FWD will not embed hyperlinks in emails that directly take you to a webpage where you must enter your security information.

FWD will not send you emails asking you to update, verify or confirm your security details e.g. PIN, bank account number, ID Card number and passport number.

If you are in doubt about the legitimacy of any email that you have received purporting to be from FWD, you should contact FWD immediately. For contact details, please refer to the section of "Contact Information" of this document.

Verifying Websites


You should pay close attention to the URL (website address) of the site you are visiting to make sure it is actually the site you believe it to be. Clients must be sure that the website they are entering really belongs to FWD.

You should also check that the website you are going to access to your account information or perform transaction is a secured website. The URL will begin with https://.

If the URL begins with https://, the secure lock icon, that is a small padlock, will appear on the lower right-hand corner of the status bar of the browser. This padlock means that data is transmitted to and from this site with encryption. Double-click on the padlock icon to see the details of the security certificate. The certificate shows the owner of the website. Check that the details and validity are correct. Be sure that the URL on the certificate matches the URL of the webpage that you are visiting.

FWD works with well known certification authorities such as Verisign, Global Sign and Thawte.

If you have any doubts about a website, you should contact FWD as soon as possible to verify it.

Protect Yourself


Take care of your personal information


Your account / customer number, policy number, PIN, memorable date and customer identification number are the keys to your account. Never write them down, give them to anyone else or include them in an email. Remember that protecting your Customer Number, PIN and security details is your responsibility.

Protect Your Computer


  • Update your computer by installing the latest software and patches, to prevent hackers or viruses exploiting any known weaknesses in your computer.
  • Install and update virus protection, to protect against viruses corrupting your computer and to prevent hackers installing Trojan viruses on your computer.
  • Install and update anti-spyware tools.
  • Install and update personal firewalls.
  • Use only programmes from a known, trusted supplier.
  • Use password to prevent unauthorized use of your computer.
  • Disable automatic processing of email attachments in the Internet email software.
  • Always scan files by anti-virus software before executing them.
  • Avoid using programs which enable you to automatically get or preview files.

Protect your mobile phone


  • Update your mobile phone by installing the latest software version.
  • Do not store confidential information such as personal account numbers or passwords into the mobile phone.
  • Always log off your online session. Do not just close the mobile phone browser, follow the logoff instructions to ensure the protection.
  • Set up a password for the mobile phone to prevent unauthorized access to your personal information in case it is lost or stolen.
  • Delete SMS message if it is no longer required and clear the browsing history regularly.
  • Remove temporary files and the cache stored in the memory of the mobile phone regularly.
  • Don’t leave your mobile phone unattended.
  • Avoid sharing your mobile phone with others.
  • Do not download program/apps from unsecured source.

Beware of spam emails


  • Use a spam filter to avoid even seeing these messages.
  • Never respond to a spam message, otherwise your email address is then recorded as live and the spam will increase.
  • Should you read a spam message, please remember: if it sounds too good to be true, it probably is too good to be true.

Select a secure password


  • A secure password is one that is easy for you to remember, but difficult for others to guess. Do not use plain words, birth dates, names of children or pets; these could be discovered by others.
  • A good password should contain at least eight characters to make the probability of the password being guessed sufficiently unlikely. It always helps to vary the types of characters in your passwords, making them more difficult to guess as well, i.e. using numbers, capital letters, and special characters like ~!@#$%^& and *.
  • Use different passwords for different purposes i.e. do not reuse passwords.
  • For security reason, you are advised to change the initial password after the first access. It is also advisable to change your password on a regular basis.

Keep your online section secure


  • Be cautious about accessing your account information or performing sensitive transactions on public computers; make sure you use public computers at a reputable provider - if the PC is not properly secured, hardware and software can be modified to capture keystrokes and other data that could disclose your personal information regardless of the security provided by the website.
  • Do not open other Internet browser sessions and access other websites while you are assessing your account information or performing sensitive transactions through the Internet.
  • Ensure that others are not looking at your keyboard over your shoulder when you enter your PIN or password, or access to your personal information. This is particularly important at public internet access locations.
  • Do not check the box that asks your computer to "remember your passwords" or use "auto complete" function of your browser. That defeats the security of passwords.
  • When you have finished with any secure online session (such as accessing your account information), please remember to log-off and close your browser window, and clear your browser's cache files so that your personal information is not stored in the computer, particularly when using public internet access services.

Reference Sites


Hong Kong Police - "Tips for Smart Netizens"
http://www.police.gov.hk/ppp_en/04_crime_matters/tcd/tips.html

HKSAR - "The InfoSec Web Site"
http://www.infosec.gov.hk

Contact Information


For enquiries, or reporting on suspected phishing cases relating to FWD, please call our Customer Service Hotline on:

FWD Life Insurance Company (Bermuda) Limited (852) 3123 3123
FWD General Insurance Company Limited (852) 3123 3123
FWD Pension Trust Limited (852) 3123 3123
FWD Financial Planning Limited (852) 2850 3499
FWD Life Insurance Company (Macau) Limited (852) 3123 3123

Download PDF version