HKMA alerts public to bank-related phishing and scam websites
HKMA issued a consolidated scam alert citing fraudulent websites, phishing emails and fake internet banking login screens targeting bank customers.
HKMA reiterated that banks will not send SMS or emails with embedded hyperlinks to transactional sites. The alert signals ongoing elevated phishing and impersonation risk in Hong Kong's retail banking channels and reinforces supervisory expectations on fraud controls and customer communication standards.
Persistent phishing campaigns raise operational, conduct and reputational risk for retail banks operating in Hong Kong.
Action Required
Review fraud monitoring, customer authentication and phishing takedown protocols; reinforce customer education on unsolicited SMS and email links.
Recurring HKMA scam alerts indicate sustained fraud pressure and supervisory focus on bank-led customer protection.
Fraud and cyber risk remains elevated due to ongoing phishing attacks impersonating banks. Controls over customer authentication, channel hygiene and rapid takedown should be reassessed.
“The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to the press releases issued by the banks listed below relating to fraudulent websites, internet banking login screens, phishing emails or other scams. The HKMA reminds the public that banks will not send SMS or emails with embedded hyperlinks directing them to the banks’ websites to carry out transactions.”
Published: 2026-06-15