Contact Us
Search Print
Font Size
A A A
FacebookInstagramLinkedinWechatXYoutube
Select Category
Show All Options
Modification Time
Done
Done
Done
a
Done
News and Media
Press ReleasesR & M ColumnVideos
SpeechesForthcoming Events
inSightPhoto Gallery
Smart Consumers
Overview
e-Banking
Personal Digital KeysInternet BankingATMs
Payment and Transfer
Faster Payment System (FPS)e-Payment and Transfere-Wallets and Prepaid CardsCredit Cards
Loans
Personal CreditMortgagesPremium Financing
General Banking Services
Account Opening and MaintenanceAutopay ServicesInvestment ServicesDeposits
Beware of Fraudsters!
Don't Lend/Sell Your Account
Notes and Coins
2018 Series Hong Kong BanknotesCoin Cart Schedule
Retirement Planning
Practical Information
Barrier-free Bank Branches and ATMsHotlines of Banks & Stored Value Facility LicenseesComplaintsRegisters and ListsPublic Education VideosPublic Education EventsFAQs
Information in Other Languages
Data, Publications and Research
Data & Statistics
Daily Monetary StatisticsMonthly Statistical BulletinEconomic & Financial Data for Hong KongCMU Bond Price Bulletin
Legislative Council Issues
Publications
Annual ReportSustainability ReportHalf-Yearly Monetary & Financial Stability ReportQuarterly Bulletin
Guide to Hong Kong Monetary, Banking and Financial Terms
Research
Research MemorandumsExternal PublicationsHong Kong Institute for Monetary and Financial ResearchOther Research Papers
HKMA's Open Application Programming Interface (API)
Regulatory Resources
Registers and Lists
Register of AIs & LROsRegister of Securities Staff of AIsRegister of SVF LicenseesList of AI-related Trustees
Authorization, Licensing, Designation and Approval
Regulatory Guides
By Subject (Current)Supervisory Policy ManualGuidelinesCircularsGuide to AuthorizationCode of PracticeExplanatory NotePractice NoteAdditional Guidance
Consultations
OpenClosed
Key Functions
Money
Linked Exchange Rate SystemLiquidity FacilitiesHong Kong Currency
Reserves Management
HistoryExchange Fund's Statutory Purposes and Investment ObjectivesInvestment ManagementInvestment PerformanceRisk ManagementResponsible InvestmentExchange Fund Statistics and Publications
Banking
Banking Regulatory and Supervisory RegimeBanking Legislation, Policies and Standards ImplementationBanking Conduct and EnforcementAnti-Money Laundering and Counter-Financing of TerrorismResolution RegimeSmart BankingRegulatory GuidesRegtech Knowledge HubHKMA – BIS Joint ConferenceGreen and Sustainable Banking Conference & Green Fintech Competition
International Financial Centre
Hong Kong as an International Financial CentreFintechBond Market DevelopmentFinancial Market InfrastructureStored Value Facilities and Retail Payment SystemsStablecoin IssuersSoft InfrastructureInternational & Regional Financial Co-operationCentre for Green and Sustainable FinanceHKMA Infrastructure Financing Facilitation OfficeCross-boundary Wealth Management Connect Scheme in the Guangdong-Hong Kong-Macao Greater Bay AreaGlobal Financial Leaders' Investment SummitHKMA – BIS High-Level ConferenceHong Kong Green Week – Finance Stream
About Us
The HKMA
Governance StructureAdvisory CommitteesThe Chief Executive's CommitteeOrganisation ChartInternal AuditSustainable HKMA
Tender Invitations
The HKMA Information Centre
Exhibition AreaLibraryGeneral InformationGuided ToursSouvenirs
Related Organisations and Links
HKMA-related Organisations and LinksHKSAR Government & Related OrganisationsCentral BanksMultilateral OrganisationsOthers
Join Us
Why the HKMA?What We Do?Current VacanciesOpportunities for Students and Graduates to Join the HKMA
News and Media
Smart Consumers
Data, Publications and Research
Regulatory Resources
Regulatory Guides
By Subject (Current)Supervisory Policy ManualGuidelinesCircularsGuide to AuthorizationCode of PracticeExplanatory NotePractice NoteAdditional Guidance
Key Functions
About Us

Precautionary measures against fake e-mails or websites (superseded by TM-E-1 of Supervisory Policy Manual)

Circulars

30 Sep 2004

Precautionary measures against fake e-mails or websites (superseded by TM-E-1 of Supervisory Policy Manual)

Our Ref:
B1/15C
B9/29C

30 September 2004

The Chief Executive
All Authorized Institutions

Dear Sir / Madam,

Precautionary measures against fake e-mails or websites

The HKMA has issued a number of circulars and a guidance note since 2003 covering some suggested precautionary measures for handling fake bank websites and e-mails. In view of the increasing number of reported fraudulent bank websites and e-mails recently, I am writing to reiterate the importance of putting these precautionary measures in place to guard against such fraud.

One frequently used tactics by fraudsters is to send e-mails to members of the public purporting to be sent by an Authorized Institution (AI). These e-mails normally request bank customers to make connection to a fake bank website via an embedded hyperlink and to trick bank customers into revealing sensitive account and personal information such as Internet banking login names and passwords. In this connection, we believe that it would be helpful to mitigate customers' risk if the following safeguards are introduced:

  1. do not send e-mails to your customers with embedded hyperlinks to the transactional websites;
  2. inform your customers directly (e.g. through issuing personal e-mail alerts, displaying alert messages prominently on your institution's transactional website, or including similar statements in the monthly bank statements) that your institution or its agents/business partners will not:
    1. send e-mails with embedded hyperlinks to transactional websites to its customers; or
    2. ask for sensitive account and personal information such as user IDs and passwords via e-mails.
    3. Customers should be reminded that they should contact your institution immediately if in doubt; and
  3. put a high priority for implementing two-factor authentication to further strengthen the security controls for retail Internet banking services. Meanwhile, AIs are expected to continue to review and enhance their security measures before the two-factor authentication is in place, including enhancing fraud monitoring and reporting mechanism, and lowering the maximum limit for unregistered third-party fund transfers through Internet banking where appropriate.

The HKMA will continue to monitor the trends of internet banking fraud, and work closely with the banking industry to consider other possible preventive and detective measures.

If you have any questions on this letter, please feel free to contact Mr Shu-Pui Li at 2878-1826 or Mr James Tam at 2878-8043.

Yours faithfully,

Y. K. Choi
Executive Director
Banking Supervision

Latest Circulars
View All View All
Last revision date : 01 August 2011