30 September 2004
The Chief Executive
All Authorized Institutions
Dear Sir / Madam,
The HKMA has issued a number of circulars and a guidance note since 2003 covering some suggested precautionary measures for handling fake bank websites and e-mails. In view of the increasing number of reported fraudulent bank websites and e-mails recently, I am writing to reiterate the importance of putting these precautionary measures in place to guard against such fraud.
One frequently used tactics by fraudsters is to send e-mails to members of the public purporting to be sent by an Authorized Institution (AI). These e-mails normally request bank customers to make connection to a fake bank website via an embedded hyperlink and to trick bank customers into revealing sensitive account and personal information such as Internet banking login names and passwords. In this connection, we believe that it would be helpful to mitigate customers' risk if the following safeguards are introduced:
The HKMA will continue to monitor the trends of internet banking fraud, and work closely with the banking industry to consider other possible preventive and detective measures.
If you have any questions on this letter, please feel free to contact Mr Shu-Pui Li at 2878-1826 or Mr James Tam at 2878-8043.
Yours faithfully,
Y. K. Choi
Executive Director
Banking Supervision