The Hong Kong Monetary Authority (HKMA) has recently received reports from banks about their customers having received phishing SMS or emails with embedded hyperlinks purportedly sent by the banks. After clicking the embedded hyperlinks, the customers were lured into entering their internet banking login IDs, passwords and SMS One-Time Password (OTP) provided by the banks. Unauthorised transactions were subsequently conducted over the accounts of the customers and they suffered financial losses.
The HKMA wishes to remind the public that banks will not send SMS or e-mails with embedded hyperlinks which direct them to the banks’ websites to carry out transactions. They will not ask customers for sensitive personal information, such as login passwords or OTP, by phone, email or SMS (including via embedded hyperlinks).
Members of the public should stay alert to any SMS or emails purported to be sent by banks. They are advised not to click on the hyperlinks embedded in these SMS or emails. Under no circumstances should they disclose their internet banking login information to websites of unknown sources.
If members of the public have disclosed their internet banking login details to untrusted websites or have found unauthorised transactions being conducted over their accounts, they should contact their bank as soon as possible and report to the Police or contact the Cyber Security and Technology Crime Bureau of the Police at 2860 5012.
The HKMA wishes to remind the public to carefully protect their sensitive personal information, check their e-banking accounts from time to time and review alert messages and statements issued by banks carefully.
Hong Kong Monetary Authority
5 March 2021