HKMA warns public on bank-related phishing and scam websites
HKMA issued a public alert on fraudulent websites, phishing emails, and scam SMS impersonating banks reported by multiple institutions.
HKMA's alert highlights ongoing impersonation fraud targeting Hong Kong bank customers. Banks must reinforce that legitimate communications do not embed hyperlinks and strengthen customer education, monitoring, and takedown processes.
Signals continued elevated fraud risk in retail banking channels and supervisory expectation on proactive customer protection.
Action Required
Review fraud detection, customer communication channels, and phishing response protocols against HKMA guidance.
Recurring HKMA scam alerts indicate sustained supervisory focus on fraud controls and customer protection obligations.
Fraud and scam impersonation risk remains elevated. Controls over phishing detection, customer alerts, and takedown response should be reassessed; effectiveness metrics to be reported to risk committee.
“The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to press releases issued by banks relating to fraudulent websites, internet banking login screens, phishing emails or other scams. HKMA reminds the public that banks will not send SMS or emails with embedded hyperlinks.”
Published: 2026-05-25