Fraudulent Bank Websites and E-mails

inSight

21 Oct 2004

Internet banking can be safe, reliable and convenient so long as banks and customers take the appropriate security precautions.

Readers may be aware that banks in Hong Kong and the HKMA have been putting out more frequent alerts on fraudulent bank websites and e-mails recently. The HKMA alone has issued a total of 23 press releases and circulars relating to fraudulent bank websites so far this year. This is almost three times the number in the whole of 2003.

We have also been receiving a growing number of reports from the public about the problem: so far this year around 1,000 suspicious e-mails have been forwarded to the HKMA. We are always grateful for such information, and we hope that members of the public will continue to forward any suspicious messages purporting to be from banks to ourselves, the Police, and to the banks concerned.

We are also aware that fraudulent bank websites and e-mails are getting more sophisticated. In the latest cases, a number of quite convincing-looking e-mails have requested bank customers to access fake bank websites through embedded hyperlinks, and then type in sensitive personal and bank account information such as Internet banking login name and password. This is what the banking industry calls "phishing".

Earlier this month the Hong Kong Police Force announced that it had smashed a "phishing" syndicate suspected of having deceived bank customers in Hong Kong. The Police should be commended for this swift action. But we should also take heed that Hong Kong has now become a victim of this worldwide problem. This is part of an international trend, and although Hong Kong has not been as badly hit as some other economies, we should be on the alert.

Some of the fake websites display genuine logos and branding material and use a domain name close to the real thing. We have also received reports that some of them display an exact replica of a bank website with the actual bank website address on the address bar. It therefore becomes very difficult for a bank customer to distinguish a fake website from a genuine one.

To combat this crime, the banking industry, the Police and the HKMA have been jointly running since 2003 a continuous multi-channel consumer education programme on Internet banking safety, through the mass media, through educational leaflets and, most importantly, through the banks themselves. In September 2004, we issued a circular to banks in Hong Kong to reiterate the importance of having appropriate precautionary measures in place. In particular, banks are reminded not to send e-mails to customers with embedded hyperlinks to transactional websites, and to speed up the implementation of two-factor authentication for high-risk retail Internet banking transactions. They should also inform their customers directly of the need for precautionary measures (e.g. on monthly statements), and display alert messages prominently on their transactional websites. Above all, they should make it clear that neither they nor their agents or partners would ever ask their customers to provide sensitive personal and account details through an embedded link sent out by e-mail.

To help readers avoid falling victim to phishing, I would like to repeat a few useful tips I mentioned in an earlier viewpoint article published on 15 July 2004.

Bank customers should never access their accounts through hyperlinks embedded in e-mails, Internet search engines, suspicious pop-up windows, or other doubtful channels. Customers using Internet banking should connect to their bank website either by typing the website address in the address bar of the browser or by bookmarking the genuine website and using that for access. Customers should also change their passwords periodically and not use simple passwords. Further information and advice on Internet banking safety may be found on the HKMA website www.hkma.gov.hk and on the websites of most banks.

Banks in Hong Kong have been making good technological progress in strengthening security controls of their Internet banking services, particularly through the deployment of two-factor authentication. Customers are strongly advised to make use of the additional authentication for Internet banking services as soon as it is in place. So long as both bank customers and banks have taken appropriate security precautions, Internet banking services are safe to use.

 

Joseph Yam

21 October 2004

 

Last revision date : 21 October 2004