Customer Service

We have been committed to promoting information security and actively protect customer accounts and personal information and reduce the risk of fraud through various protection measures.

This page provides comprehensive resources for Octopus Online Services Safety, aiming to enhance your security knowledge, safeguard your money, and personal data with related information, guide, and tips.

• Octopus Online Service Safety Tips
• Octopus Online Service Safety Guide

Beware of phishing emails, text messages and fake websites

Phishing is a type of cybercrime in which scammers will pretend to be legitimate institutions, such as banks, online stores, government departments, etc., and send you phishing emails or text messages, attempting to trick you into clicking on the embedded link, which will direct you to a fake website that is very similar to the official website of the relevant organisation, thereby defrauding your personal information, credit card information, mobile phone number, verification code, etc. The scammer can then log into your account to steal money or make unauthorised transactions.

To guard against phishing, Octopus reminds you:

1. To help you identify Octopus SMS instantly, we have joined the “SMS Sender Registration Scheme”, using registered sender IDs #Octopus and #OctopusOTP when sending SMS to local mobile users. If you receive SMS claiming to be from "Octopus" and the sender ID doesn’t start with "#", please be vigilant.
2. Do not open emails or text messages from unknown sources.
3. Do not click on embedded links or download attachments in suspicious emails, text messages or web pages.
4. Do not visit suspicious websites or follow the links provided in those websites.
5. Verify the sender’s information carefully.
6. Always be wary when giving off sensitive personal or account information, never enter personal, credit card information and one-time passwords into applications or websites from unknown sources.
7. Octopus will not ask you to provide personal information/ password/ credit card information through embedded links in emails or text messages. If you suspect that you have been scammed, you should immediately call the Octopus customer service hotline 2266 2222 for verification or call the police “Anti-Scam Helpline 18222” for enquiries.

Beware of Malicious Octopus App

Malware (malicious software) is a generic term for a number of different types of malicious code. It is often used by scammers to disrupt normal computer functions, steal data, gain unauthorised access, etc.

Scammers will publish fake advertisements and offers via social media, emails or messages to lure you to download malicious app that look similar to the official apps in order to obtain relevant offers. In reality, the application is a fake app with malware, aiming to control the your mobile phone and steal the data on the phone, including personal information, credit card information and passwords. Once you install the malicious app, the scammer can take control of your device and log into your mobile banking apps or payment tools and conduct unauthorized transactions without your knowledge.

To guard against malware, Octopus reminds you:

1. Beware of suspicious "pop-up ads" to prevent malware from invading your mobile device, or being directed to fake websites or apps where your data can be stolen by the scammers.
2. Use and update anti-spyware software regularly to help block malware or spyware from being installed on your mobile device
3. Use legitimate software from original sources. Pirated software or software from unknown sources may have been tampered with or modified by spyware or virus. Using any such software may increase the risk of exposing your mobile device to viruses, spyware or other software that can result in damage to your device or theft of your personal information.
4. Download the Octopus App or Octopus App for Tourists from the Octopus official website or authorised app stores.
5. Download an authorised mobile payment app from an authorised app store and add Octopus as a mobile payment for the use Octopus Card on Mobile.

Suspension of the Screen Mirroring, Capturing and Recording Features of Octopus App on Android Devices

Recent years, scammers have used a variety of ploys to trick Android users into installing malicious mobile apps. They then use the device’s screen capturing and recording functions to steal users’ login information for various online accounts.

The Android system allows users to download third-party applications in APK file format, thereby installing apps that have not been reviewed by Google Play and have not been approved for listing. These apps may contain harmful information and are also more susceptible to malware being added by hackers. They may even be fake apps that contain malware themselves.

To protect account security, Octopus has disabled screen mirroring, capturing and recording functions on Octopus App via any Android devices for the following three types of screens to protect account security:

1. Involving input of any login credentials, including but not limited to user ID, password and one-time password (OTP).
2. Displaying direct payment information, including but not limited to Octopus MasterCard number, Octopus UnionPay QR code and eLaisee QR code.
3. Screens showing and for input of customer sensitive information, including but not limited to the application of services of JoyYou Card and Octopus Wallet Upgrade via electronic Know-Your-Customer (eKYC).

Be Cautious of the Faster Payment System Suspicious Proxy ID Alert

Under the mechanism of “Suspicious Proxy ID Alert”, you will be alerted of the high risk of fraud if the payee’s account / FPS proxy ID (including mobile phone number, email address, FPS Identifier) is related to a scam reported to Hong Kong Police Force and is listed as “High Risk” as per the scam prevention advice on “Scameter”. An alert message will be displayed, reminding you to think twice before deciding whether to cancel the transaction or continue with the payment.

Octopus reminds you, before using the FPS proxy ID for payments, you should:

1. verify the payment details and the identity of the payee meticulously;
2. ensure that your Octopus App is updated with the latest version featuring the “FPS Suspicious Proxy ID Alert” function;
3. cancel the transaction immediately when in doubt.