Online Security for FWD Insurance

Please keep your FWD customer platform account login credentials secure and change your password regularly to protect your personal privacy. FWD will never call or send any SMS asking for your FWD customer platform account password. Be vigilant about suspicious calls, emails, websites, and applications that claim to be from or associated with FWD. If you receive any calls claiming to be from or associated with FWD, please verify the caller's identity by requesting the caller for identification details (such as the full name of the agent and their insurance intermediary license number or the full name of the FWD Customer Service Officer). If in doubt, or if the caller refuses to provide such information, you should terminate the conversation. Additionally, if you notice any suspicious transaction activity in your FWD account or discover any accounts opened in your name that were not opened by you, please contact FWD hotline at 3123 3123 immediately or call ‘Hong Kong Police Force - Anti-Scam Helpline 18222’ for assistance whenever you encounter suspected scams. 

As a pan-Asian life and health insurance business, FWD is always concerned about online security. The growth of the Internet has offered greater flexibility for all of us, but it also brings new risks that we must be aware of and guard against. FWD provides the following general information to address any concerns that you may have around online security.

FWD makes every effort to provide optimal security to your data and to all transactions as protecting our clients is just good business for us. However, no matter how hard we work, there are still some risks online, and you can take some action to protect yourself. Here we provide some information to help you to protect yourself.

• Latest Key Security Issues
• FWD's Standard Practices
• Verifying Websites
• Protecting Yourself
• Reference Sites
• Contact Information

From time to time we will provide information on security related issues that we feel you should be aware of. These security updates will be presented on this page.

A phishing attack is an online fraud technique which involves sending official-looking electronic messages (eg. SMS, email) and branding that all appear to come from legitimate banks, insurance companies, retailers, credit card companies, etc. Such messages typically contain a hyperlink to a spoof website and mislead account holders to enter their sensitive personal information, such as account number, PIN, security code or one-time passwords (OTPs) on the pretence that security details must be updated or changed. Once you give them your information, criminals can use it to log into your actual account and steal your money. It is important that you should be alert to any messages asking for your information, do not disclose sensitive personal information or account credentials through unauthorized channels; see more on "FWD's Standard Practices" in the next section.

You may have already heard of 'advance fee fraud', where emails offering large sums of money are sent to thousands of email addresses, but a modest "fee" is required in order to cover legal fees, account opening or customs charges. Sometimes the money offered is a result of a lottery for which you have never bought a ticket. Sometimes the money is held in an account overseas but the account owner cannot access it, they promise a percentage of the money in return for your help. In both cases, you may be requested to pay various fees in advance. Do not respond to these emails. They are part of a fraud and you will not receive any of the promised money.

FWD may communicate with clients by emails and instant messaging applications (e.g. SMS, WhatsApp, WeChat, etc. FWD will address you by name in emails that require response from you through email or any action from you over the internet. FWD will not embed hyperlinks in instant messages that directly take you to a webpage requesting you to log on or enter sensitive personal information. If you are in doubt about the legitimacy of any email or instant messages that you have received purporting to be from FWD, you should contact FWD immediately. For contact details, please refer to the section of "Contact Information" of this document.

You should pay close attention to the URL (website address) of the site you are visiting to make sure it is actually the site you believe it to be. Clients must be sure that the website they are entering really belongs to FWD. You should also check that the website you are going to access to your account information or perform transaction is a secured website. The URL will begin with “https”. If the URL begins with “https:”, the secure lock icon, that is a small padlock, will appear on the lower right-hand corner of the status bar of the browser. This padlock means that data is transmitted to and from this site with encryption. Double-click on the padlock icon to see the details of the security certificate. The certificate shows the owner of the website. Check that the details and validity are correct. Be sure that the URL on the certificate matches the URL of the webpage that you are visiting. FWD works with well known certification authorities such as Verisign, Global Sign and Thawte. Make sure you use the FWD official website or mobile app. If you have any doubts about a website, you should contact FWD as soon as possible to verify it.

To help members of the public verify the identities of SMS senders, the Office of the Communications Authority (OFCA) has established the "SMS Sender Registration Scheme."  Starting from 30 Aug 2024, FWD, being a registered SMS sender, will only send SMS messages to Hong Kong mobile users using registered sender IDs starting with prefix "#".

Below are the registered SMS sender IDs of FWD:

#FWD

#FWD MAX HK

Be careful when you receive a message from an unknown sender. Do not disclose any personal, account, or credit card information if requested. Avoid clicking on suspicious links in the message.

Your account / customer number, policy number, PIN, memorable date and customer identification number are the keys to your account. Never write them down, give them to anyone else or include them in an email. Remember that protecting your Customer Number, PIN and security details is your responsibility.

• Update your computer by installing the latest software and patches, to prevent hackers or viruses exploiting any known weaknesses in your computer.
• Install and update virus protection, to protect against viruses corrupting your computer and to prevent hackers installing Trojan viruses on your computer.
• Install and update anti-spyware tools.
• Install and update personal firewalls.
• Use only programmes from a known, trusted supplier.
• Use password to prevent unauthorized use of your computer.
• Disable automatic processing of email attachments in the Internet email software.
• Always scan files by anti-virus software before executing them.
• Avoid using programs which enable you to automatically get or preview files.

• Update your mobile phone by installing the latest software version.
• Only download and install applications from verified developers via official channels or app stores.
• Do not store confidential information such as personal account numbers or passwords into the mobile phone.
• Always log off your online session. Do not just close the mobile phone browser, follow the logoff instructions to ensure the protection.
• Set up a password for the mobile phone to prevent unauthorized access to your personal information in case it is lost or stolen.
• Delete SMS message if it is no longer required and clear the browsing history regularly.
• Remove temporary files and the cache stored in the memory of the mobile phone regularly.
• Don’t leave your mobile phone unattended.
• Avoid sharing your mobile phone with others.

• Use a spam filter to avoid even seeing these messages.
• Never respond to a spam message, otherwise your email address is then recorded as live and the spam will increase.
• Should you read a spam message, please remember: if it sounds too good to be true, it probably is too good to be true.

• A secure password is one that is easy for you to remember, but difficult for others to guess. Do not use plain words, birth dates, names of children or pets; these could be discovered by others.
• A good password should contain at least eight characters to make the probability of the password being guessed sufficiently unlikely. It always helps to vary the types of characters in your passwords, making them more difficult to guess as well, i.e. using numbers, capital letters, and special characters like ~!@#$%^& and *.
• Use different passwords for different purposes i.e. do not reuse passwords.
• For security reason, you are advised to change the initial password after the first access. It is also advisable to change your password on a regular basis.

• Be cautious about accessing your account information or performing sensitive transactions on public computers; make sure you use public computers at a reputable provider – if the PC is not properly secured, hardware and software can be modified to capture keystrokes and other data that could disclose your personal information regardless of the security provided by the website.
• Do not open other Internet browser sessions and access other websites while you are assessing your account information or performing sensitive transactions through the Internet.
• Ensure that others are not looking at your keyboard over your shoulder when you enter your PIN or password, or access to your personal information. This is particularly important at public internet access locations.
• Do not check the box that asks your computer to “remember your passwords” or use “auto complete” function of your browser. That defeats the security of passwords.
• When you have finished with any secure online session (such as accessing your account information), please remember to log-off and close your browser window, and clear your browser’s cache files so that your personal information is not stored in the computer, particularly when using public internet access services.