Dear Customer,

Security Advice of CMSI

To protect your valuable assets, we would like to draw your attention to the following security advice that we prepared for you in relation to usage of internet trading system.

·         Tips to Help Protect Your Personal Information

ü Do not disclose your personal information (e.g., HKID / passport number, address, account number) to any persons or websites you are suspicious of.

ü Do not expose your login ID or passwords to any third parties (CMSI staff and Police will never ask you for your password for identity verification).

ü Change your personal information (e.g., ID/passport number, address, mobile & email address) immediately if your information is renovated.

·         Password Tips

ü Change your password periodically and at least every 3 months.

ü Avoid reusing the same password for multiple websites.

ü Use complex characters (including uppercase/lowercase letters and numbers).

ü Choose a password that is difficult for others to guess.

·         Help Secure Your Device and Account

ü Install recommended security and software updates for your computer or device.

ü Do not open any suspicious emails or SMS messages. Do not click on embedded hyperlinks in emails or SMS messages (including QR code). Do not enter confidential personal information, user credentials and one-time passwords into websites or mobile applications that they are re-directed to.

ü Do not forward your one-time password to other devices.

ü Type the website address (URL) or use a bookmark to enter the website of CMSI. Avoid accessing the website through hyperlinks embedded in the email, internet search engines, and suspicious pop-up windows.

ü Use a trusted and secured computer or mobile device for internet trading. Always log out website or system after you finish your trade.

ü To protect your computer or mobile device, activate the auto-lock function; install reputable anti-virus, anti-spyware and anti-malware software and keep them updated; set up a personal firewall.

ü Use the latest operating system versions, apps, software, and browser. Keep software up-to-date.

ü Install Scameter and the mobile application Scameter+ and make use of them to check whether a website, phone number, email, etc is likely fraudulent or not by running a search against Scameter’s database. Scameter+ can alert a user in real time if it detects the user trying to visit a potentially fraudulent website.

ü For the network functions, disable any wireless network functions (e.g., Wi-Fi, Bluetooth) not in use. Choose encrypted networks when using Wi-Fi and remove any unnecessary Wi-Fi connection settings.

ü Always consider data security and privacy when downloading and installing any software and apps into your computer and mobile device.

ü Don't store your account credentials or password on computers, mobile phones, or placed in plain sight, and don't use a single password for all your accounts, e.g., email account or banking account.

ü Don't log in to your online account when there is an unusual pop-up screen or window, abnormal slow computer response, and when unexpected steps or information are required.

ü Don't use a public computer or an unknown and insecure network connection to access your online account.

ü Don't share your computer or mobile device used to access your online account with other people.

ü Don't download and install any unknown software to access your online account.

ü Be vigilant of fraudulent websites masquerading as legitimate businesses to lure unsuspecting users into revealing private account information.

ü Check regularly for any unusual activities in relation to your accounts, such as by reviewing the notifications sent to you on system login, password reset, trade execution or changes to client and account related information, to identify signs of attackers’ attempt to conduct unauthorised trading, whether successful or not. Please inform us immediately in case of any suspicious unauthorized trades or please report promptly to the Hong Kong Police Force (HKPF)  any unauthorised trading incidents.

ü Check regularly on the statements and your account balance provided by CMSI and verify your transaction records. Please inform us immediately in case of any suspicious unauthorized trades or please report promptly to the Hong Kong Police Force (HKPF)  any unauthorised trading incidents.

ü For clients who have opted out from trade execution notifications, please review this setting periodically. These notifications help instantly identify any unauthorized trading activity, whether successful or not. To reactivate the service, please contact your Account Manager. Please inform us immediately in case of any suspicious messages or activities.

(Please visit our corporate website, http://www.cmschina.com.hk/en/AboutUs/SafeTips, for more security information; and the website of the Investor Education Centre, a subsidiary of the SFC, for cybersecurity tips through https://www.thechinfamily.hk)

Please do not reply to this system-generated message. If you have any queries, please contact our Customer Services Hotline at (852) 3189-6368 or (86) 400-1200-368.

Yours faithfully,

 China Merchants Securities International Co., Limited

This message is confidential. If you have received this message in error, please contact us at (852) 3189-6368 and delete it from your system. Any unauthorized use or dissemination of this message in whole or in part is strictly prohibited. CMSI cannot guarantee the integrity of this email transmission, as information can be intercepted, corrupted, delayed, lost, or incomplete. CMSI shall not be liable for the improper or incomplete transmission of the information in this email nor for any delay in receipt or damage to your system.