HKICL warns of fraudulent website impersonating clearing house
HKICL flagged a fraudulent website (paymentystem.lat) impersonating the clearing house to harvest credentials via WhatsApp social engineering.
HKICL identified a phishing site impersonating it and routing victims to fraudster-operated WhatsApp chats. The scheme targets login credentials and reflects continued abuse of payments brand trust in Hong Kong. Institutions should align fraud controls and customer awareness messaging.
Payments-related impersonation scams elevate fraud loss exposure and customer protection obligations for HK banks and PSPs.
Action Required
Update phishing detection rules, brief customer-facing staff, and reinforce client communications regarding legitimate HKICL channels.
Direct impersonation of HK payments infrastructure has systemic fraud implications across all participating banks.
Phishing impersonation of HKICL increases credential theft and APP fraud risk. Validate URL filtering, customer alerts, and WhatsApp impersonation detection.
“The Hong Kong Interbank Clearing Limited (HKICL) has recently noted a fraudulent website at hxxps[:]//paymentystem[.]lat purported to be from the HKICL. The fraudulent website intends to trick user into giving away login credentials and directs user to WhatsApp chats with the fraudster impersonating as customer service personnel.”
Published: 2026-06-01