A wave of phishing scams has hit Hong Kong investors,
with attackers impersonating licensed brokers in fraudulent text messages that
link to fake websites. The city’s financial regulator is now urging the public
to avoid clicking any broker-related SMS links and to verify all communications
directly.
The Securities and Futures Commission (SFC) issued the
warning after several licensed corporations (LCs) reported cases involving
their clients.
Victims received seemingly legitimate mobile messages
with embedded links, which led them to counterfeit websites closely mimicking
the official portals of actual brokers.
No More Embedded Links in Broker Messages
These spoofed pages reportedly lured clients into
submitting their login credentials, details that were then used to carry out unauthorized
transactions, causing financial losses.
“The Securities and Futures Commission (SFC) today
warns the public of phishing mobile text messages with embedded hyperlinks
purportedly sent by SFC-licensed corporations (LCs),” the regulator’s warning
mentioned.
“Several LCs have reported to the SFC that their
clients received such phishing text messages and suffered financial losses as a
result of leaking personal data.”
Following the incidents, the SFC directed all licensed
firms to halt the practice of sending electronic messages that contain
clickable links for transactions or data entry. The regulator explicitly banned the use of embedded
links in emails or SMS that request sensitive information such as account
logins or one-time passwords.
The regulator emphasized that these security lapses
have had real consequences. Once clients handed over their login data on fake
platforms, scammers swiftly moved to execute unauthorized trades or fund
transfers.
Call for Public Vigilance
The SFC urged all investors to remain cautious and
verify any suspicious communications. Anyone who receives an SMS claiming to be
from a broker should contact the firm directly before taking any action.
Crucially, no one should enter login details on
unfamiliar or unverified websites, even if the site appears legitimate.
As financial frauds grow increasingly sophisticated,
the SFC’s warning highlights the risks posed by digital communication and
reinforces the need for tighter cybersecurity practices among both firms and
clients.
A wave of phishing scams has hit Hong Kong investors,
with attackers impersonating licensed brokers in fraudulent text messages that
link to fake websites. The city’s financial regulator is now urging the public
to avoid clicking any broker-related SMS links and to verify all communications
directly.
The Securities and Futures Commission (SFC) issued the
warning after several licensed corporations (LCs) reported cases involving
their clients.
Victims received seemingly legitimate mobile messages
with embedded links, which led them to counterfeit websites closely mimicking
the official portals of actual brokers.
No More Embedded Links in Broker Messages
These spoofed pages reportedly lured clients into
submitting their login credentials, details that were then used to carry out unauthorized
transactions, causing financial losses.
“The Securities and Futures Commission (SFC) today
warns the public of phishing mobile text messages with embedded hyperlinks
purportedly sent by SFC-licensed corporations (LCs),” the regulator’s warning
mentioned.
“Several LCs have reported to the SFC that their
clients received such phishing text messages and suffered financial losses as a
result of leaking personal data.”
Following the incidents, the SFC directed all licensed
firms to halt the practice of sending electronic messages that contain
clickable links for transactions or data entry. The regulator explicitly banned the use of embedded
links in emails or SMS that request sensitive information such as account
logins or one-time passwords.
The regulator emphasized that these security lapses
have had real consequences. Once clients handed over their login data on fake
platforms, scammers swiftly moved to execute unauthorized trades or fund
transfers.
Call for Public Vigilance
The SFC urged all investors to remain cautious and
verify any suspicious communications. Anyone who receives an SMS claiming to be
from a broker should contact the firm directly before taking any action.
Crucially, no one should enter login details on
unfamiliar or unverified websites, even if the site appears legitimate.
As financial frauds grow increasingly sophisticated,
the SFC’s warning highlights the risks posed by digital communication and
reinforces the need for tighter cybersecurity practices among both firms and
clients.
This post is originally published on FINANCEMAGNATES.
