Saxo Capital Markets HK has a strong commitment to information security. To meet our high level of security standards as well as those of the legal bodies regulating our business sector, Saxo Capital Markets HK places a strong emphasis on securing the trading platforms that our clients use. Even with this diligent effort in place, you must be aware of what you can do to maintain and safeguard the security of your trading platform and personal data.
At Saxo we put our clients at the heart of everything we do. Safeguarding the company and our clients from cybersecurity threats is essential in being a top choice and trusted partner for them. In an effort to help you detect and protect yourself against cyber-scams, we have outlined a number of common attack tactics used by fraudsters as well as some tips to help you keep safe.
If you have any enquiries, please do not hesitate to reach out to us.Contact us
Phishing is a strategy used by hackers to send an email that contains a request for personal information or a link to an unreliable website controlled by hackers. In the email or on the website, personal information, such as passwords or PIN codes, is requested. By providing this information, hackers can abuse it.
Saxo will never ask for passwords, PIN codes, or credit card details via email or any other media.
Be aware of fraudulent emails, websites and apps, misusing the name of Saxo, aiming at phishing your account credentials. Do not share your Saxo credentials with anyone. Remember: these are personal to you, and should not be shared with either trusted relations or strangers.
What can you do?
When in doubt, 4 simple questions will help you to detect suspicious emails, which need to be reported:
- watch out for phrases such as “verify your credentials/account details immediately”, “submit your account details to…”, “retrieve your prize by…” etc.
- don’t fall for scare tactics such as “…respond urgently, or your account will be closed/deleted”
- Do NOT click on unknown or suspicious-looking links, open or download attachments.
- Fraudulent emails often contain poor grammar and spelling errors in their communication.
- Fraudsters planting a phishing attack often impersonate institutions you trust: always question the legitimacy of the sender.
- Phishing emails often include resembling logos, wording or email addresses (example manipulated email addresses could look like: ...@saxomkts.com, …@sxomarkets.com etc.)
- The official list of email-addresses and websites can be found here.
- Saxo will never request you to provide any log-in credentials, personal information or ask you to transfer cash via email, phone or any other media.
If you believe you have been a victim of a phishing attack claiming to be Saxo, contact us here.
2. Social Engineering
Social engineers target human psychology as a manipulation technique. You may be made to believe that you are communicating with a trusted organisation, such as Saxo, when this person is a Social Engineer, a fraudster, trying to trick you into disclosing valuable information. The fraudster will typically try to pressure you into action by creating a false sense of urgency in their communication, which helps them bypass your common sense.
As society and our everyday lives are becoming increasingly more digitized, so does our reliance on real-time flow of payments. While these solutions enable us to quickly move funds across the globe, if unprotected, they could also open the door to fraudulent activity.
Payment fraud is one of the fastest growing scam schemes, where fraudsters trick victims into transferring large amounts of money to accounts under their control. Since real-time payments are close to irrevocable, fraud victims cannot reverse payments, as soon as the transfer instruction has been sent. A defining feature of such attacks is that the criminals social-engineer and pose as institutions you may trust, for example Saxo Markets, this way luring you into providing personal information and/or transferring funds.Common examples of payment fraud:
- Fraudster could contact you posing as a representative of the institution you trust, claiming that you have been a victim of fraud, and should send funds to another, “protected” account as soon as possible
- You could receive an invoice with a familiar logo and formatting, from an email account resembling the one of your school/bank/accountant requesting payment to an unknown account
- You could receive “personal” messages requesting immediate help via payment from criminals pretending to be your family members or friends
What can you do?
Always be vigilant and never reveal your personal details and credentials. Be careful when dealing with unknown and unverified callers requesting information. Exercise the highest level of discretion if you do receive calls of this nature. The more pressure the caller applies, the more suspicious you should be.
If you are ever contacted by an institution requesting a payment or movement of funds – question the request to the highest degree. Legitimate organisations would not pressure you into rushed payments or request personal details to conduct the transfer for you.
Be aware of the risk of fraudulent phone calls, from callers claiming to represent Saxo, other banks, and authorities. If you are in doubt of whether a call from Saxo is genuine - please call back on one of our official numbers, asking for the person that reached out to you.If you have any concerns or doubts, contact us here.
3. Means of Gaining access
Fraudsters can plot an attack via a multitude of channels – putting your identity at risk should any of your employed access points be less than fully protected.
Common ways of gaining access to your data:Security notifications
- Fraudsters commonly request specific log-in information such as username, password, personal contact details
- Avoid clicking any links and/or responding to the alert by providing your credentials or personal details
- Scammers usually pretend to be a person from an institution you may trust - such as Saxo.
- Some of the tell-tale signs of scam calls:
- Indications of a problem with your account or profile
- Request for personal information in order to protect your account
- Request to move funds to a “protected” account
- The best way to beat a scam call is to hang-up. If you want to make sure your account is protected, call the institution directly, using the phone number provided on their official website.
- If you are ever asked for this information from someone stating they represent Saxo – contact us immediately here.
- Social media scams are becoming increasingly prevalent as a larger share of our personal lives is shared online
- By examining your publicly available content and/or befriending you, fraudsters can retrieve vulnerable personal information and commit identity fraud
- This is why it is important to be diligent in ensuring your social media accounts are protected at all times: make sure each account has a unique set of credentials, log-off the account once you are not using it, review account settings and the public you are sharing with on an ongoing basis
- Malware is a software specifically designed to infect user devices, attempting to steal personal information
- Hackers employ malware to scan through the information stored on your device and reuse it to access other platforms passing as you
- Make sure to always lock your devices and log-off from platforms and websites when you are no longer using them
- Avoid clicking on suspicious links and downloading anything you are not familiar with – said actions may initiate the installment of malware onto your device.
- Another type of malware to be wary of is ransomware – this is where fraudsters manage to attack, lock and encrypt the files belonging to the victim, thereafter demanding ransom for their return.
4. Protect yourself from fraud
2FA Risk Awareness Statement
At Saxo we encourage all clients to register for the 2-Factor Authentication (2FA) feature when navigating our platforms. 2FA helps you further secure your online trading account and prevent possible losses due to a potential account compromise. Read more about 2FA here.Additional tips
- Ensure your personal email account registered with Saxo is protected: use a secure password and update it regularly. We encourage employing 2FA when possible.
- Create unique and secure passwords for each platform: by using individual passwords for each access point, you can limit your exposure to fraud.
- In general, the longer your password is – the better. Make sure to mix both lower and upper-case letters, symbols and characters. Most importantly – avoid including personal information and easily memorable keyboard paths into your password.
- Do not write down or save your Saxo or any other credentials in browsers as this subjects them to malware attacks.
- Never enter your credentials/log-in details into platforms or websites you are unfamiliar with
- Ask questions and be critical: fraudsters can sound very convincing, especially since they are trained in creating a sense of urgency – always ask questions to verify if the call/email is legitimate.
Read more about our Security Guidelines here.
For additional fraud-related advice and information you can visit https://www.pcpd.org.hk/ or call the Office of the Privacy Commissioner for Personal Data hotline at +852 3423 6611.