Login Passwords
Set a password that is difficult to guess and different from the ones for other services. The login password should be changed regularly and should never be stored on computers, mobile phones or placed in plain sight. Never divulge your password to anyone, including your family members.
Two-factor Authentication
You should use two-factor authentication to protect your account access and you should protect the devices of two-factor authentication (e.g mobile phones or your personal laptops).
Protect your device
Lock your phone with anything only you know or you have, like password, PIN, fingerprint, facial recognition, etc. You should also set up your phone with the remote lock or wiping option to prevent data leakage in case you lose it. Protecting your own device is the first step of security before you do anything else with the phone. Avoid using public computers or public Wi-Fi to access your account, e.g. avoid accessing the Endowus platform in cyber-cafes.
Secure your device
Use the latest versions of operating system, App and browser. Never jailbreak or “root” your device. Once the security of your device has been broken, you can no longer trust anything on it.
Login to the Platform
The Platform should be accessed by entering Endowus website address directly, or using a bookmark or an App. Never access the Platform or provide your personal information (including your password) through any hyperlinks or attachments embedded in emails or from other media.
Login Process
Log out immediately after each use.
Also, beware of any unusual login screen or process (e.g. a suspicious pop-up window or a request for providing additional personal information) and whether anyone is trying to peek at your password.
Messages from Endowus
Check messages from Endowus in a timely manner and verify your transaction records. Inform us immediately in case of any suspicious situations, regardless of the amount. We will not ask for any sensitive personal information (including passwords) through phone calls or emails.
Beware of Computer Viruses
Install and update promptly your security software. Do not download or open doubtful files, browse suspicious websites, or click on the hyperlinks and attachments in questionable sources (e.g. emails, instant messaging, SMS messages, QR codes). Download and upgrade your Apps from official App stores or reliable sources only.
Network Functions
Disable any wireless network functions (e.g. Wi-Fi, Bluetooth, NFC) not in use. Choose encrypted networks when using Wi-Fi and remove any unnecessary Wi-Fi connection settings.
Recognise and Avoid Scams
Stay vigilant against fraud and phishing attempts. If you are unsure whether a website, phone number or email is likely fraudulent or not, you can verify it easily by running a search against Scameter’s database. Scameter+ enables users to report suspicious websites, phone numbers, email addresses and phishing links to the Hong Kong Police Force, helping to identify and index scams in a publicly accessible database. Additionally, it provides real-time alerts if it detects you trying to visit a potentially fraudulent website. For more details, refer to https://cyberdefender.hk/en-us/scameter/.
Reference:
- The Government’s Cyber Security Information Portal (http://www.cybersecurity.hk)
- Securities & Futures Commission of Hong Kong (https://www.sfc.hk/en/)