HK SFC Public Alert: Phishing Text Messages Are Impersonating Licensed Brokers

The Securities and Futures Commission (SFC) of Hong Kong has issued a public warning about a phishing scam involving fraudulent mobile text messages impersonating SFC-licensed corporations (LCs). These messages contain fraudulent embedded hyperlinks. Several LCs have reported cases where their clients suffered financial losses after unknowingly leaking personal data to fraudulent websites.

After clicking the embedded hyperlinks, these LCs’ clients were directed to fake webpages closely resembling the legitimate brokerage sites, where they were tricked into providing sensitive login credentials, including login names, biometric IDs, passwords, and/or SMS one-time passwords. Fraudsters then used this information to conduct unauthorized transactions, leading to financial losses for the clients.

In response, the SFC has ordered LCs not to embed hyperlinks in electronic messages (such as email or SMS) to direct clients to their websites or mobile applications to make transactions. The regulator also prohibits requests for clients’ sensitive personal details via such hyperlinks.

The SFC urges the public to remain vigilant against fraudulent messages and to never click embedded links in texts claiming to be from LCs. If in doubt, they should verify directly with their brokerage. “Under no circumstances should they disclose their account login information to any unverified websites, even if they look genuine,” warned the SFC.

Those who have disclosed account login details or noticed unauthorized transactions are encouraged to contact their brokerage immediately and report the incident to the Police.