Firstly, you need to ensure that the web links that leads you to the website is obtained from legitimate publications of the website owner or other trusted sources. Do not follow the web links provided by untrusted sources (e.g. Internet mails) without careful checking.

If the website requires you to enter sensitive information, it should provide a 'server certificate' for you to verify its authenticity. You can examine the content of the certificate, the issuing certification authority (e.g. Hongkong Post CA), the validity period and whether the certificate has been suspended or revoked.

If you are in doubt, leave the website and contact the related website owner or organisation for further information.

If you are entering sensitive information to a website, it is common that the website will establish a encrypted communication session with your browser. In this way, all data transmissions between your browser and the website are encrypted. During such session, you will find that the URL address of the website will start with "https:" instead of normal "http:", and there is a yellow lock icon in the status bar or near the address bar of your browser.

Keeping a note of emergency or loss reporting contacts can help you to report any security incidents (e.g. when you find the transaction records in doubt, or suspect that your accounts have been compromised) as soon as possible. This will minimize your loss or damage in case of an identity theft, since the compromised accounts can be suspended accordingly.