HKMA issues fresh scam alert on bank phishing and fraudulent sites
HKMA alerted the public to fraudulent websites, phishing emails, and scams impersonating banks, referencing press releases from multiple affected banks.
Persistent scam activity targeting bank customers in Hong Kong indicates continued elevated fraud risk. Banks should strengthen detection of impersonation, brand abuse, and social engineering, and maintain coordinated takedown and customer warning protocols.
Ongoing fraud typologies create conduct, reputational, and operational loss exposure for retail banks.
Action Required
Reinforce customer fraud monitoring, phishing takedown processes, and external comms reminding customers banks do not send embedded hyperlinks.
Recurring HKMA scam alerts indicate sustained external fraud threat requiring active control monitoring.
External fraud risk remains elevated. Validate phishing detection, domain monitoring, customer authentication controls, and rapid-response takedown procedures are functioning effectively.
“HKMA alerts members of the public to press releases from banks relating to fraudulent websites, internet banking login screens, phishing emails or other scams, reminding the public banks will not send SMS or emails with embedded hyperlinks.”
Published: 2026-06-10