Hong Leong Islamic Bank – Register & Security Tips

Register & Security Tips

All the details you need to conduct your business banking with ease, via
Hong Leong ConnectFirst (HL ConnectFirst).

Register Now

Step 1

Download and complete the Application Form and related documents.

Step 2

Submit the Application Form and Related Documents to any HLBB/HLISB Branches.

Subscribing to Business Electronic Banking?

Download and complete the Application Form and related documents as per below:

Document Download Sole Proprietorship / Partnership Companies (Sdn Bhd / Bhd / Limited Liability Partnership)
Business Account Application form:
Part A (Page 01) + Part C (Page 07,08,09 & 10) including Appendices
Click Here

Board/Partners Resolution duly passed and certified in accordance with

(a) Memorandum & Articles of Association (M&A) or constitution, if any

(b) LLP Agreement

Note : Refer to Appendix 1 or 2 for Board/Partners Resolution

sample (where applicable)


Letter of Authorisation

Note : Refer to Appendix 3 for sample

Photocopy of NRIC/Passport for both System Administrator & System Authoriser


Other Business Account Linkage (If applicable)
Linking Letter of Consent from Owner/Partners/Authorised Signatories

Click Here

Copy of Certificate of Registration of Business (Form D) of related business enterprise



Linking Board/Partners Resolution duly passed and certified in accordance with

(a) Memorandum & Articles of Association (M&A) or constitution, if any

(b) LLP Agreement

Click Here


Companies Incorporated Prior to 31 January 2017: 

  • Forms 24 & 49 of related entities

Companies Incorporated on/after 31 January 2017: 

  • Super Form and relevant forms/ documents evidencing changes thereafter (if any)

For LLP: 

  • Notice of Registration or Certified Copy of Registration from Registrar of LLP & Certified True Copy of LLP Corporate Profile as obtained from CCM

Click on the link below to download Hong Leong Online Services Terms and Conditions

Security Tips

sharing help support en


Sharing Is Not Always Caring


Never share information such as your username, password, MyKad number and etc. via emails or pop-up windows and phone calls.

Don't click


Don't Click


Links in emails, SMSs, or pop-ups. Always type the web address yourself.

Be precise


Be Precise


Always type in the correct internet banking website address directly into the address bar of your internet browser.

Securely store


Shred or Securely Store


Your printed statements.



Make It Complicated


Your password that is, Create one using a combination of alphabets and numbers, which makes it harder to guess. Make sure you never write your password down and that it's changed regularly.

Check and monitor


Check & Monitor


Your transaction records as often as you can! This way you will notice if there is anything suspicious.

Keep it private


Keep It Private


Never use a public computer or an unsecured wireless network (WiFi) when performing online transactions.

Disable auto complete


Disable the Auto-complete & Auto-save Function


For usernames and passwords.

Don't keep your cache


Don't Keep Your Cache


After every online session, clear your internet cache. Usually this button is under the Internet Options section of your internet browser.

Look out for padlock on browser


Look Out For the Padlock on Your Browser


When visiting websites that require you to share your security information. Make sure it's there as the icon indicates that the website uses a secure connection. When it comes to your online safety. Visit www.mycert.org.my to find out the latest internet thread

Junk it


If You Doubt It, Junk It


No matter how legitimate it may seem, never respond to unsolicited emails.

Invest a little


Invest A Little


In computer security such as a personal firewall, anti-spy, and anti-virus software. Make sure it's updated regularly!

  • You receive an email, SMS or phone call claiming to be from Hong Leong Bank, asking you to provide personal financial / security information or TAC
  • You receive emails or SMS containing a URL internet link which will lead you to a fraudulent unsecured login site
  • You receive emails requesting you to open attachments or free software that may contain malicious software like viruses, spyware and trojans that are designed to steal your personal data
  • Pop-up advertisements asking for personal or financial information are likely fraudulent, so it's better to just close them

Hong Leong Bank has incorporated the following security features:

  • 8- 16 alphanumeric character User ID for all Hong Leong Connect BIZ (HL Connect BIZ) customers and 8-32 alphanumeric character User ID for all Hong Leong ConnectFirst (HL ConnectFirst) customers.
  • 8 - 12 characters of alphabets and numbers and is optional to add special characters Password for all HL Connect BIZ / HL ConnectFirst customers.
  • HL Connect BIZ / HL ConnectFirst access will automatically log you off if there is no activity performed after a while.
  • Your HL Connect BIZ / HL ConnectFirst will be deactivated (dormant) if you do not login for 365 days.
  • Upon 3 times unsuccessful attempts to log in, the ID will be automatically blocked.
  • Up to 256-bit encryption with 128-bit minimum enabled by EV SSL certificate to secure online transactions.


Security token:

  • 2 factor authentication which is based on knowledge factor and possession factor
  • Customizable authorisation matrix to allow single or multiple authorisation.
  • Token PIN will be used as an additional method to identify that it is you who is using the token and authorising the session/transaction in HL Connect BIZ / HL ConnectFirst. Challenge Code will be auto-triggered to the token to authenticate certain online transactions, several settings, registration and reset.


Precaution tips to safeguard the Security Token, Security Codes in order to prevent unauthorised and fraudulent use of HL Connect BIZ / HL ConnectFirst:

  • Do not disclose the Security Codes or cause the Security Codes to be disclosed to anyone;
  • Install the necessary anti-spyware and firewalls so that the equipment from which you are accessing to HL Connect BIZ / HL ConnectFirst will not allow recording of the transaction activities;
  • Always logged in to the correct URL ( http://www.hlb.com.my / www.hlisb.com.my );
  • Do not utilise HL Connect BIZ/ HL ConnectFirst access through Internet cages, public computer or an unsecured wireless network (WIFI);
  • Change the Password(s) when requested to on a periodical basis;
  • To memorise the Security Codes and not recording them;
  • To inform our Customer Service at 03-7661 7777 or email us at cmp@hlbb.hongleong.com.my immediately if there is any suspicion that any Security Codes has been disclosed to a third party and/or if the Security Token is lost or misplaced by the Customer, to enable HLBB/HLISB to prevent fraudulent or unauthorised use of HL Connect BIZ/ HL ConnectFirst;
  • To ensure that a sign out of HL Connect BIZ/ HL ConnectFirst and Website must be done whilst the computer terminal is unattended;
  • The Security Token and Security Codes are issued solely for your usage and shall not be transferred, pledged or otherwise used as security in any form;
  • Any changes of the Security Token user shall be informed to the Bank with immediate written notice.


phishing help support en


What is Phishing?

Phishing is an automated form of social engineering used by fraudsters to deceive one to give away sensitive information. The initial phishing email is designed to entice the recipient to open the email and click on the links provided. The fraudsters use multiple methods to do this including enticing subject lines, forging the address of the sender, using genuine looking images or text and disguising the links within the email.



How to protect yourself from Phishing?

Never click on unknown website links or open an attachment sent via email, SMS, Twitter, WhatsApp or other popular text/instant communication applications, especially when the content is related to financial matters.



Malware Alert

malware alert help support en


1.0 What is Malware?


Malware is short for Malicious Software.

The commonly known malwares are like viruses, worms and trojan horses. Malware is any kind of hazardous software that is installed in your electronic device without your knowledge or consent.



2.0 How does the "Zeus" malware work on infected computer or mobile/table devices?


Once the device is infected with malware, the fraudster is able to inject modified fake contents or pages while you are accessing a legitimate online banking website via your Internet browser.





The bank will never communicate to you with urgent appeals that your account may be suspended or closed if you fail to confirm, verify or authenticate your company's banking information on the website.



3.0 Does the "Zeus" malware affect all smartphone operating systems?


Based on initial analysis by Malaysia Computer Emergency Response Team (MyCERT), the affected systems are:


  • Smartphone running on Android platform
  • Vulnerable and unlatched Windows Operating System



4.0 How does malware infect your computer, smartphones or table device?


4.1 From email with Website URL hyperlinks or attachments: Opening an email attachment or clicking on a hyperlink may contain and allow the malware to be installed into your PC, smartphone or table devices. When receiving an email with a hyperlink or an attachment, if the email was not expected or from someone you don't know, delete it. If the email is from an organisation or someone you know and you're not expecting it or requested for it, be cautious too; do not click on the given hyperlink or open the attachment as instructed, contact the sender to verify beforehand


4.2 From mobile SMS or MMS with website URL or attachments: Same as above emails with hyperlinks or attachments


4.3 From instant mobile or web messaging with website URL or attachments: Same as above emails with hyperlinks or attachments. Examples of instant messaging are WhatsApp, Twitter and Line.


4.4 Accepting without reading: A user accepts what is prompted on the screen without reading the prompt or understand what it's asking. For example: while browsing a webpage, an Internet advertisement or window appears that says your computer is infected with a virus or malware; you have won a prize; asking to complete a survey or that a unique plug-in is required. Without fully understanding what is it you're getting, you accept the prompt that will install a malware.


4.5 Downloading applications (apps) from a website: download programs only from the reputable websites and with a valid digital signature. If you are unsure, leave the site and research the website and the software you are being asked to install. If it is OK, you can always come back to site and install it. Files that don't have a digital signature or were downloaded from an unknown source should always be treated as dangerous.


4.6 Not running the latest operating system, web browser or application updates: Running a web browser, applications or operating system that is not up-to-date with the latest updates can be a big security risk and can be a way your computer becomes infected. Some of the updates from your computer, smartphone/mobile, table device manufacturer, web-browser or application provider (e.g. Microsoft, Apple, Blackberry, Samsung, LG, Adobe, Google, Mozilla etc), are security updates. Make sure you perform and have the latest updates to minimise the risk of malware infections.


4.7 No antivirus scanner: It's highly recommended that you have some form of antivirus on your computer, smartphone/mobile or tablet devices to help clean it from any infections currently on the computer and to help prevent any future infections



5.0 How to protect yourself from malware?


5.1 Never click on unknown website link or open an attachment sent via email, SMS, Twitter, WhatsApp or other popular text/instant communication applications, especially when the content is related to financial matters.


5.2 Be a smart surfer when browsing websites that are new to you, be careful of any pop-up window that request for your personal information or prompts you to use certain program.


5.3 Be very selective of the files or programs that you would like to download, always double-check the genuineness of the website and the source, even if it comes from your friends.


5.4 Keep your operating system, internet browser, applications and firewall up to date.


5.5 Install robust anti-virus, anti-spyware and firewall software on your computer and other devices and configure it to update automatically in a regular internals.


5.6 Run full system scan periodically to remove any new found virus or malware, and you must reset your password and clear all browser caches, history, cookies, before you login to your online banking again.



6.0 Take note of any unusual signs on the daily handling of your mobile devices:


6.1 High frequency of apps crash unexpectedly


6.2 Device battery drains out quickly


6.3 Pop-up notification or advertisement to install other apps


6.4 Overall device performance becomes sluggish without apparent reason


6.5 Outgoing and incoming SMS/calls being disrupted



7.0 IMPORTANT REMINDER when you're assessing Hong Leong Connect:


7.1 Do not respond to any form of pop-up screen or window or additional web pages asking for your personal info and smartphone platform (Android, Windows, etc)


7.2 Do not simply download and install/update any app on your computer or mobile/tablet devices without verification


7.3 Do not root or otherwise 'Jailbreak' your computer or mobile/tablet devices and avoid side loading (installing from non-official sources)


7.4 Notify the Bank immediately when you came across anything suspicious or unusual web pages asking for personal information when you are about to login to your Hong Leong Connect BIZ.


7.5 You are advised not to proceed with your online banking transactions until your computer or device has been checked and disinfected

Password cracking


Password Cracking


Password cracking is a common way to retrieve a password by repeatedly trying to guess for the password. The most common method of password cracking is guessing and dictionary attack.

Keystroke logging


Keystroke Logging


Keystroke logging or more commonly known as key logging is a way of obtaining passwords or info by capturing what user's type. It is a diagnostic tool that comes in the form of software or hardware (i.e. inserted in the keyboard).

Login spoofing


Login Spoofing


Login spoofing is a way of obtaining a user's username and password. The user is presented with the bank's Login page to prompt for the username and password. When the username and password are entered, the information is then passed to the attacker.

Shoulder surfing


Shoulder Surfing


Shoulder surfing as it suggests, is a way of obtaining a user's username and password by peeping.





Spyware is a computer software that is often installed into a PC without user's knowledge and usually takes place during user's download of free software, games or subscribing to free online services from the Internet. Once installed, it does not only monitor user's surfing activity but also capable of retrieving any personal and sensitive information that is being transmitted on the Internet before it is sent in the background to interested parties.

Trojan horse


Trojan Horse


Trojan horse is a type of malware (malicious software) which allows unauthorised access by attacker to user's computer and more often for the purpose of data theft (e.g. personal information, bank account numbers and password). It can be spread through opening email attachment from unknown person or visit to unknown websites.

Mule scam


Mule Scam


As the result of responding to spam email or job recruitment that offers opportunities to make easy money, a person could fall for a mule scam. This person is known as "money transfer agent" or "money mule" whereby a mule's bank account is used to receive stolen money from phishing victims and such account also act as a transit prior to the funds being sent abroad and later to be withdrawn by the fraudsters.

corebot hl connect biz en




Trojan targeting online banking sites. The malware first hooks on the web browsers to monitor the victim's browsing sessions. When a relevant website is detected, it will steal the victim's credentials as they login. Then it will display a phishing page to trick the victims into supplying additional information. At this point, the attackers are alerted to take over the session via an Man-in-the-Middle attack. Victims are presented with a "please wait" message while the attackers connect to the destination through a virtual network computing module. This allows the attackers to initiate new transactions or hijack the current transfer process to send money to another account.


TIPS: End Point protection/Anti-Virus must be updated with the latest virus definitions. Cautions using the USB and do not use USB from unknown sources. Disable workstation AutoPlay features. Avoid download suspicious file from Internet or email attachment.


mobile malware hl connect biz en


Mobile Malware


Mobile malware intercepts SMS OTP (One-Time PIN) via compromised mobile phones. The malware will first deceive the victims to install it by social engineering and gains excessive permissions. Then, the malware will pretend to install mobile apps and requests credit card information from the victims. With excessive permissions, malware can bypass fraud prevention controls when fraudsters make fraudulent transactions with the stolen credit card information and SMS OTP.


TIPS: Keep device operating system up to date. Installation of apps must be from trusted sources, such as Google Play and Apple App Store. Encrypt your devices, where possible. Install anti-malware.


webad hl connect biz en


WebAd Poisoning


This is a social engineering technique. Whenever the victims visit the malicious advertisement sites, the vulnerable workstations will be infected with malware. Some dangerous adwares might potentially observe the victim's browsing habit, and send their sensitive information to the attackers without their consent. This threat mainly leverages on the weaknesses of Adobe Flash.


TIPS: Disable Adobe Flash on your computer or at least set the Adobe Flash plug-in to "click-to-play" mode, which blocks the automatic infections. Keep up-to-date with all the security patches and install them as soon as they come out. Windows Update or MacOSX Updates, Enable or download AD Blocker at your browser.

Call 03-76617777 or drop by your nearest Hong Leong Islamic Bank branch today!