Security tips for customers

Tip:

CLP reminds you to protect your login information. Never share your log in and password with anyone, including tenants, friends or family members.


Additionally, please remember to update your password regularly to enhances the security of your account and reduces the risk of unauthorized access. 

Fraudulent websites and phishing messages are becoming more and more common. Please refer to the following information and stay alert to avoid being scammed.

1. What is phishing?

Phishing is a common fraud technique involving social engineering. Cyber criminals deceive victims by pretending they are from legitimate organisations and trick victims into providing sensitive information and personal data through electronic communications such as emails, phone calls, social media and SMS. Phishing messages may also include malicious hyperlinks, attachments or QR codes that redirect the recipients to fraudulent websites. Malicious software will then be installed on the victims’ computers or mobile phones, which may result in hacking activities.

2. How to identify a phishing scam

Ask yourself these questions:​

  • Does it request personal information, such as your credit card number, credentials or passwords?​
  • Does it contain any unsolicited attachments? ​
  • Does the request looks suspicious?
  • Does it require you to take unusual actions, e.g. transferring money to an unknown source immediately?
  • Does the sender’s email address or phone number mismatch the contact information of the organisation that it claims to represent, e.g. using @gmail.com instead of an official company domain?​
  • Does it create a sense of emergency? (e.g. threaten you that your account will be deleted if you do not respond)
  • Does it give you an offer/ award that is too good to be true? (e.g. free staycation)
  • Does it contain many spelling mistakes / grammatical errors?

3. How to check whether the communication is from CLP Power

  • We will only use these official domains and subdomains of CLP Power in all of our communications: ​

https://www.clp.com.hk​

https://services.clp.com.hk

https://e.clp.com.hk  ​

https://clp.to  ​

https://web.clp.com.hk​

  • Genuine emails from CLP Power comes from @clp.com.hk or @mail.clp.com.hk only. ​
  • We will never ask customers for their password, credit card details or CVV to verify or unlock their account.

4. Good practices​

  • Set difficult-to-guess passwords and change them regularly.
  • Type the URL manually or follow bookmarks made from previous visits to websites.
  • Do not open any links if you are in doubt. 
  • Always be wary when giving out sensitive personal or account information. 
  • Notify us of any change to your mobile phone number or email address without delay. It helps to ensure our record is accurate and up to date.
  • Always log off after your online session. Do not simply close your browser. Follow the log off instructions to ensure your protection.
  • Install and update your security software promptly. Always use the latest version of the operating system, browser and CLP mobile app.

5. Handling phishing​​

  • If you are concerned you may have disclosed your personal details to any suspicious third parties or want to verify whether the communication is from CLP Power, you should call the CLP Customer Service Hotline at 2678 2678 and reset your login credentials. ​If you suspected that you have been defrauded, consider to report your case to the police. ​
Back to top