With the rapid development of the internet and the increasingly sophisticated methods of fraud and online scams, protecting your private passwords has become particularly important. Your password serves as the primary key to access your bank account. If compromised, it could lead to financial losses or personal data breaches. To safeguard your accounts against emerging threats, Industrial and Commercial Bank of China (Asia) Limited (“the Bank”) provides the following security guidelines to help you secure your private passwords and ensure your banking transactions remain secure.

Common Password Scams and Theft Techniques

1. Phishing email/message
   Scammers impersonate banks or official organizations, sending phishing emails/texts with malicious links to deceive victims into disclosing their login credentials.
2. Phishing website
   Scammers create counterfeit banking websites (using tactics like typo-squatted URLs or deceptive domain names) to steal victims’ personal information.
3. Social engineering attacks
   Scammers impersonate bank staff, contacting victims via phone calls or social media under the pretext of “suspicious account activity”, then trick them into revealing passwords or SMS verification codes.
4. Malware risks
   Downloading apps/files from unverified sources may install malicious programs that secretly harvest victims’ keystrokes or input data.
5. Brute-force attacks
   Scammers systematically attempt common passwords (e.g., “123456” or “password”) to compromise accounts through trial-and-error.

How to Protect Your Private Passwords?

1. Create Strong Passwords
   ✓ Complexity: Use a combination of uppercase letters, lowercase letters, numbers, and special symbols. Never reuse the same password across multiple platforms;
   ✓ Avoid common passwords: Refrain from using repetitive or sequential characters, such as “password” or “123456”;
   ✓ Avoid personal information: Do not incorporate personal details like login IDs, birthdays, or phone numbers.
2. Change Passwords Regularly
   ✓ Critical accounts: Update passwords every 3-6 months;
   ✓ Security incidents: Change passwords immediately if your account is compromised or you suspect unauthorized access.
3. Stay Alert to Suspicious Links and Emails
   ✓ Do not click or open any hyperlink, attachment or QR code in the suspicious email or SMS message, even if SMS Sender IDs with prefix “#”;
   ✓ Do not logon to your ICBC (Asia) Online Banking Services or Mobile Banking through third party platform (e.g., Carousell, Facebook, WhatsApp, etc.). You should always access our Online Banking Services by typing our Bank’s official website address directly into your browser.
4. Use Secure Devices for Transactions
   ✓ Do not use public Wi-Fi networks or public computer to logon to your Internet Banking or Mobile Banking Services. Using telecommunication network and personal devices are more secure;
   ✓ The latest ICBC (Asia) mobile banking app should be downloaded or updated only through the Bank’s website at www.icbcasia.com (Internet Banking > Personal Mobile Banking) or via the Apple App Store/Google Play/Huawei App Store;
   ✓ Disallow installation of Apps from unknown source on your mobile devices and check regularly and uninstall if there are any suspicious applications installed;
   ✓ Evaluate Apps’ requested permissions carefully before installation.
5. Monitor Account Activity Regularly
   ✓ Check your bank statement and personal information on the bank account regularly and report any unusual transaction to the Bank at (852) 2189 5588 immediately;
   ✓ Keep up to date with the latest Information and notifications, regularly logged into internet banking’s “Mailbox”and check eMessage sent by the bank;
   ✓ Carefully review notifications sent through email and SMS to verify if the instructions were initiated by you.