A wave of phishing scams has hit Hong Kong investors,
with attackers impersonating licensed brokers in fraudulent text messages that
link to fake websites. The city’s financial regulator is now urging the public
to avoid clicking any broker-related SMS links and to verify all communications
directly.
The Securities and Futures Commission (SFC) issued the
warning after several licensed corporations (LCs) reported cases involving
their clients.
Victims received seemingly legitimate mobile messages
with embedded links, which led them to counterfeit websites closely mimicking
the official portals of actual brokers.
No More Embedded Links in Broker Messages
These spoofed pages reportedly lured clients into
submitting their login credentials, details that were then used to carry out unauthorized
transactions, causing financial losses.
"SFC today
warns the public of phishing
Phishing
Phishing is a form of cyber-attack in which fake websites, emails, and text messages are used to elicit personal data. The most common targets in this assault are passwords, private cryptocurrency keys, and credit card details.Phishers disguise themselves as reputable businesses and other types of entities. In certain instances, reputable government organizations or authorities are impersonated in order to collect this data.Because phishing relies on psychological manipulation rather than techno
Phishing is a form of cyber-attack in which fake websites, emails, and text messages are used to elicit personal data. The most common targets in this assault are passwords, private cryptocurrency keys, and credit card details.Phishers disguise themselves as reputable businesses and other types of entities. In certain instances, reputable government organizations or authorities are impersonated in order to collect this data.Because phishing relies on psychological manipulation rather than techno
Read this Term mobile text messages with embedded hyperlinks
purportedly sent by SFC-licensed corporations (LCs)," the regulator’s warning
mentioned.
"Several LCs have reported to the SFC that their
clients received such phishing text messages and suffered financial losses as a
result of leaking personal data."
Read more: Phishing Accounts for Nearly 70% of Fraud in Germany, Consumers Lose Over €200 Billion
Following the incidents, the SFC directed all licensed
firms to halt the practice of sending electronic messages that contain
clickable links for transactions or data entry. The regulator explicitly banned the use of embedded
links in emails or SMS that request sensitive information such as account
logins or one-time passwords.
The regulator emphasized that these security lapses
have had real consequences. Once clients handed over their login data on fake
platforms, scammers swiftly moved to execute unauthorized trades or fund
transfers.
"The SFC has required LCs not to send electronic messages
(such as email or short message service) with embedded hyperlinks that
direct clients to their websites or mobile applications to undertake
transactions, and not to ask clients to provide via hyperlinks sensitive
personal information, including login credentials and one-time passwords."
Call for Public Vigilance
The SFC urged all investors to remain cautious and
verify any suspicious communications. Anyone who receives an SMS claiming to be
from a broker should contact the firm directly before taking any action. Crucially, no one should enter login details on
unfamiliar or unverified websites, even if the site appears legitimate.
As financial frauds grow increasingly sophisticated,
the SFC's warning highlights the risks posed by digital communication and
reinforces the need for tighter cybersecurity
Cybersecurity
Cybersecurity is a blanket term that refers to the protection of computer systems and networks from the theft.More broadly speaking, cybersecurity can also represent countermeasures against damage to hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.It was not long ago that the term cybersecurity not exist as it was first used in 1989. In today’s vernacular cybersecurity, refers to measures taken to protect a computer or computer
Cybersecurity is a blanket term that refers to the protection of computer systems and networks from the theft.More broadly speaking, cybersecurity can also represent countermeasures against damage to hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.It was not long ago that the term cybersecurity not exist as it was first used in 1989. In today’s vernacular cybersecurity, refers to measures taken to protect a computer or computer
Read this Term practices among both firms and
clients.
A wave of phishing scams has hit Hong Kong investors,
with attackers impersonating licensed brokers in fraudulent text messages that
link to fake websites. The city’s financial regulator is now urging the public
to avoid clicking any broker-related SMS links and to verify all communications
directly.
The Securities and Futures Commission (SFC) issued the
warning after several licensed corporations (LCs) reported cases involving
their clients.
Victims received seemingly legitimate mobile messages
with embedded links, which led them to counterfeit websites closely mimicking
the official portals of actual brokers.
No More Embedded Links in Broker Messages
These spoofed pages reportedly lured clients into
submitting their login credentials, details that were then used to carry out unauthorized
transactions, causing financial losses.
"SFC today
warns the public of phishing
Phishing
Phishing is a form of cyber-attack in which fake websites, emails, and text messages are used to elicit personal data. The most common targets in this assault are passwords, private cryptocurrency keys, and credit card details.Phishers disguise themselves as reputable businesses and other types of entities. In certain instances, reputable government organizations or authorities are impersonated in order to collect this data.Because phishing relies on psychological manipulation rather than techno
Phishing is a form of cyber-attack in which fake websites, emails, and text messages are used to elicit personal data. The most common targets in this assault are passwords, private cryptocurrency keys, and credit card details.Phishers disguise themselves as reputable businesses and other types of entities. In certain instances, reputable government organizations or authorities are impersonated in order to collect this data.Because phishing relies on psychological manipulation rather than techno
Read this Term mobile text messages with embedded hyperlinks
purportedly sent by SFC-licensed corporations (LCs)," the regulator’s warning
mentioned.
"Several LCs have reported to the SFC that their
clients received such phishing text messages and suffered financial losses as a
result of leaking personal data."
Read more: Phishing Accounts for Nearly 70% of Fraud in Germany, Consumers Lose Over €200 Billion
Following the incidents, the SFC directed all licensed
firms to halt the practice of sending electronic messages that contain
clickable links for transactions or data entry. The regulator explicitly banned the use of embedded
links in emails or SMS that request sensitive information such as account
logins or one-time passwords.
The regulator emphasized that these security lapses
have had real consequences. Once clients handed over their login data on fake
platforms, scammers swiftly moved to execute unauthorized trades or fund
transfers.
"The SFC has required LCs not to send electronic messages
(such as email or short message service) with embedded hyperlinks that
direct clients to their websites or mobile applications to undertake
transactions, and not to ask clients to provide via hyperlinks sensitive
personal information, including login credentials and one-time passwords."
Call for Public Vigilance
The SFC urged all investors to remain cautious and
verify any suspicious communications. Anyone who receives an SMS claiming to be
from a broker should contact the firm directly before taking any action. Crucially, no one should enter login details on
unfamiliar or unverified websites, even if the site appears legitimate.
As financial frauds grow increasingly sophisticated,
the SFC's warning highlights the risks posed by digital communication and
reinforces the need for tighter cybersecurity
Cybersecurity
Cybersecurity is a blanket term that refers to the protection of computer systems and networks from the theft.More broadly speaking, cybersecurity can also represent countermeasures against damage to hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.It was not long ago that the term cybersecurity not exist as it was first used in 1989. In today’s vernacular cybersecurity, refers to measures taken to protect a computer or computer
Cybersecurity is a blanket term that refers to the protection of computer systems and networks from the theft.More broadly speaking, cybersecurity can also represent countermeasures against damage to hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.It was not long ago that the term cybersecurity not exist as it was first used in 1989. In today’s vernacular cybersecurity, refers to measures taken to protect a computer or computer
Read this Term practices among both firms and
clients.
