HKMA issues further scam alert on bank impersonation
HKMA published an additional scam alert covering bank-impersonation phishing and fraudulent login pages reported by member banks.
Second alert in the same week signals sustained fraud activity targeting HK bank customers. Firms should validate that fraud monitoring, customer warnings, and incident reporting to HKMA align with regulator expectations.
Repeated alerts indicate persistent fraud campaigns requiring continuous control validation by retail banks.
Action Required
Reassess phishing kill-chain controls and confirm rapid takedown SLAs with domain registrars and hosting providers.
Frequency of HKMA scam alerts is a leading indicator of heightened fraud risk environment.
External fraud trend remains elevated. RCSA should reflect increased inherent risk and confirm effectiveness of phishing detection and customer notification controls.
“The HKMA alerts the public to press releases issued by banks relating to fraudulent websites, internet banking login screens, phishing emails or other scams. Banks will not send SMS or emails with embedded hyperlinks to banks' websites.”
Published: 2026-06-05