HKMA issues multiple scam alerts on bank-impersonation fraud
HKMA issued repeated alerts on fraudulent websites, phishing emails, and bank-impersonation scams reported by multiple banks.
Recurring HKMA scam alerts indicate sustained social engineering and phishing activity targeting Hong Kong bank customers. Banks are expected to strengthen detection, customer education, and rapid takedown processes to mitigate consumer harm and operational losses.
Persistent fraud activity drives conduct, operational, and reputational risk and may trigger supervisory scrutiny of controls.
Action Required
Reinforce anti-phishing controls, customer warnings, and fraud detection monitoring across digital banking channels.
Repeated alerts highlight elevated fraud risk and the need for stronger digital channel protections.
Update fraud RCSA with elevated phishing threat. Validate URL takedown SLAs, customer alerting, transaction monitoring rules, and staff training on impersonation scams.
“HKMA alerted the public to press releases by banks regarding fraudulent websites, internet banking login screens, phishing emails or other scams reported to the HKMA.”
Published: 2026-05-22