AFT (Hong Kong) (“AFT”) is committed to ensuring information security. To meet the stringent security standards set by us and the regulatory bodies overseeing our business, AFT places great importance on the security of the trading platform used by our clients. While we implement and enforce appropriate measures, it is also essential that you understand the actions you should take to maintain and safeguard the security of your trading platform and personal information.

All operations at AFT are client-centered. To be our clients' preferred and trusted partner, it is crucial to protect both our company and our clients from cybersecurity threats. To help you recognize cyber fraud and protect yourself, we have listed some common attack methods used by fraudsters and provided tips to ensure your safety.

• Phishing
• Social Engineering
• Methods to Gain Access
• Protecting Yourself from Fraud

If you have any questions, please feel free to contact us.

Contact Us

1. Phishing

Phishing is a method used by hackers to send emails requesting recipients to provide personal information or click on links to untrusted websites controlled by the hackers. The email or website will request personal information such as passwords or PINs. Once you provide this information, the hackers can misuse it.

AFT will never ask for your password, PIN, or credit card details via email or any other medium.

Beware of fraudulent emails, websites, and applications misusing AFT's name to trick you into providing your account credentials through phishing. Never share your AFT authentication information with anyone. Remember: this is your personal information and should not be shared with trusted individuals or strangers.

What can you do?
If in doubt, you can identify suspicious emails that may require reporting by asking yourself four simple questions:

Does the message create a sense of urgency?

• For example: Beware of phrases like "Verify your authentication details/account information immediately," "Submit your account information to...," or "Claim your prize by...".
• Do not fall for scare tactics like "Reply immediately, or your account will be closed/deleted".

Does the email contain any suspicious links or attachments?

• Do not click on unknown or suspicious-looking links, open or download attachments.
• Fraudulent emails often contain poor grammar and spelling mistakes.

Does the sender's email address look correct?

• Phishers often pretend to be an organization you trust: always check the sender's identity.
• Phishing emails often contain similar logos, wording, or email addresses (e.g., manipulated email addresses might be: [email protected], [email protected], etc.)
• You can find email addresses and official website information here.

Has the sender asked you to provide or verify personal information and account credentials?

• AFT will never ask for any login credentials, personal information, or request a money transfer via email, phone, or any other medium.

If you believe you have encountered a phishing attack claiming to be from AFT, please contact us here.

2. Social Engineering

"Social engineering" is a tactic used by fraudsters to manipulate human psychology. When a "social engineering" scammer tries to trick you into disclosing important information, they may make you believe you are communicating with a trusted institution such as AFT. Scammers often create a false sense of urgency in their communications, making you feel panicked or anxious, leading you to bypass common sense and take action.

Payment Fraud

As society and our daily lives become increasingly digital, our reliance on instant payments has also grown. While these solutions help us transfer money quickly around the world, they can also open the door to fraud if not protected.

Payment fraud is one of the fastest-growing scam schemes, where fraudsters trick victims into transferring large amounts of money to accounts they control. Since instant payments are almost irreversible, once a victim issues a transfer, they cannot retract the payment. A hallmark of these attacks is that the criminals will use "social engineering" to impersonate institutions you may trust (e.g., AFT) to trick you into providing personal information and/or transferring funds.

Below are common examples of payment fraud:

• Fraudsters may contact you posing as representatives of a trusted institution, claiming you have been a victim of fraud and should quickly send funds to another "protected" account
• Fraudsters may use email addresses similar to your school/bank/accountant’s email account, sending invoices with familiar logos and formats, asking you to make payments to an unknown account
• Criminals may impersonate your friends or relatives, sending a "personal" message requesting you to make an urgent payment to help

What can you do?

Always remain vigilant and never disclose personal information and credentials. Be cautious when unknown and unverified callers ask for information. If you do receive such a call, respond with the utmost caution. The more pressure the caller applies, the more skeptical you should be.

If at any time an institution contacts you requesting a payment or fund transfer, remain highly suspicious. Legitimate institutions will not pressure you to make a hasty payment or ask for your personal information to transfer money on your behalf.

If a caller claims to represent AFT, another bank, or a government agency, be alert to the risk of a fraudulent call. If you doubt the legitimacy of a call from AFT, contact us at our official phone number to find the person contacting you.

If you have any concerns or questions, please contact us here.

3. Methods to Gain Access

Fraudsters can plan attacks through multiple channels, and if any access point you use is not fully secured, your identity is at risk.

Common ways to gain access to information:

Security Notifications

• Fraudsters often ask for specific login information, such as usernames, passwords, and personal contact details
• Do not click on any links and/or provide your credentials or personal information in response to alerts

Fraudulent Calls

• Fraudsters often impersonate employees of institutions you may trust (e.g., AFT).
• Here are some signs of a fraudulent call:
  • Claiming there is an issue with your account or personal profile
  • Requesting personal information to secure your account
  • Asking you to transfer funds to a "protected" account
• The best way to deal with a fraudulent call is to hang up. To ensure your account is secure, contact the institution directly using the phone number provided on their official website.
• If at any time someone claiming to represent AFT requests this information, contact us immediately here.

Social Media

• As people increasingly share personal lives online, social media scams are becoming more common.
• Fraudsters can gather vulnerable personal information and commit identity fraud by reviewing your public content and/or becoming your friend.
• Therefore, always ensure your social media accounts are protected by having unique credentials for each account, logging out when not using accounts, regularly reviewing account settings, and knowing with whom you are sharing information.

Malware

• Malware is designed to infect users' devices with the intent of stealing personal information.
• Hackers use malware to scan the information stored on your device and use it to access other platforms using your identity.
• Always lock your device and log out of platforms and websites after use.
• Do not click on suspicious links or download files you are unfamiliar with, as these actions may prompt the installation of malware on your device.
• Another type of malware to be aware of is ransomware. Fraudsters can use ransomware attacks to lock and encrypt a victim's files, then demand a ransom to return the files.

4. Protecting Yourself from Fraud

2FA Risk Awareness Statement

AFT encourages all clients to register for two-factor authentication (2FA) when accessing our platform. 2FA provides an additional layer of security for your online trading account and helps prevent potential losses due to account theft.

Additional Tips

• Ensure that your personal email account registered with AFT is protected: use a secure password and update it regularly. We recommend using 2FA whenever possible.
• Create secure and unique passwords for each platform: Using different passwords for each access point reduces the risk of fraud.
  • In general, the longer the password, the better. Ensure it contains a mix of uppercase and lowercase letters, symbols, and characters. Most importantly, avoid including personal information and easy-to-guess keyboard paths in your passwords.
• Do not write down or save your AFT or any other credentials in your browser to avoid them being compromised by malware.
• Do not enter authentication/login details on unfamiliar platforms or websites
• Question and remain skeptical: Fraudsters can sound very convincing, especially because they are trained to create a sense of urgency. Ensure you ask questions to verify if the call/email is legitimate.