Security Blog

Secure your Email - it is essential to the Overall Security of Mobile Payment Services

Release Date: 09 / 11 / 2018
Last Update: 09 / 11 / 2018

We are aware of recent security incidents related to mobile payment. In one of the incidents, it was reported that the attacker compromised a victim's email account to find way to take control of his mobile wallet and transfer money out to a prepared account of the attacker. As email is increasingly used for push notification in verification of registration and transaction in mobile payment, email security becomes critical to the overall security of mobile payment services.


HKCERT advises you to take the following protection measures to enhance your email security:

  • Use strong password in your email service.
  • Use two-factor authentication as far as possible to secure your email account. Here are the procedures for setup for some popular email service providers:
  • Monitor and review login activity. Here are the procedures for how to check the login activity:
  • Use different email address for different account. For example, avoid using the same email address for banking and gaming services. Also use different passwords for different online services.
  • Be vigilant to suspicious email or website which asks you to provide your login credentials.
  • Do not use public Wi-Fi to access sensitive services. Using telecommunication network is more secure.