Hong Kong SFC Issues Warning of Clients Suffering Financial Losses after Entering Account Logins from Clicking on Phishing Mobile Text Messages with Hyperlinks Sent by Licensed Corporations (LCs), SFC is Now Requiring LCs Not to Send Email or SMS with Hyperlinks
21st May 2025 | Hong Kong
The Hong Kong Securities & Futures Commission (SFC) has issued warning of clients suffering financial losses after entering account logins from clicking on phishing mobile text messages with hyperlinks sent by Licensed Corporations (LCs). Hong Kong SFC is now requiring LCs not to send email or sms with hyperlinks. Hong Kong SFC (21/5/25): “The Securities and Futures Commission (SFC) today warns the public of phishing mobile text messages with embedded hyperlinks purportedly sent by SFC-licensed corporations (LCs). Several LCs have reported to the SFC that their clients received such phishing text messages and suffered financial losses as a result of leaking personal data. These LCs’ clients were directed to webpages in close resemblance to the LCs’ real websites after clicking the embedded hyperlinks. The clients were then lured into entering their account login details (Note 1). Unauthorised transactions later conducted over the accounts led to financial losses for the clients. The SFC has required LCs not to send electronic messages (such as email or short message service (SMS)) with embedded hyperlinks that direct clients to their websites or mobile applications to undertake transactions, and not to ask clients to provide via hyperlinks sensitive personal information, including login credentials and one-time passwords (Note 2). The SFC reminds members of the public to stay alert to any mobile text messages purportedly sent by LCs, and not to click on the hyperlinks embedded in these messages. If in doubt, they should confirm with the LCs directly. Under no circumstances should they disclose their account login information to any unverified websites, even if they look genuine. If members of the public have disclosed their account login details to unverified websites or have found unauthorised transactions conducted over their accounts, they should contact their LCs as soon as possible and report the case to the Police.”
“ Hong Kong SFC Issues Warning of Clients Suffering Financial Losses after Entering Account Logins from Clicking on Phishing Mobile Text Messages with Hyperlinks Sent by Licensed Corporations (LCs), SFC is Now Requiring LCs Not to Send Email or SMS with Hyperlinks “
Notes:
- These included login names, biometric IDs, passwords and/or SMS one-time passwords.
- For details, please refer to paragraph 22(b) on p.9 of Report on the 2023/24 thematic cybersecurity review of licensed corporations (February 2025).
Hong Kong SFC Issues Warning of Clients Suffering Financial Losses after Entering Account Logins from Clicking on Phishing Mobile Text Messages with Hyperlinks Sent by Licensed Corporations (LCs), SFC is Now Requiring LCs Not to Send Email or SMS with Hyperlinks
Sign Up / Register
Caproasia Users
- Manage $20 million to $3 billion of assets
- Invest $3 million to $300 million
- Advise institutions, billionaires, UHNWs & HNWs
Caproasia Platforms | 11,000 Investors & Advisors
- Caproasia.com
- Caproasia Access
- Caproasia Events
- The Financial Centre | Find Services
- Membership
- Family Office Circle
- Professional Investor Circle
- Investor Relations Network
Monthly Roundtable & Networking
Family Office Programs
The 2025 Investment Day
- March - Hong Kong
- March - Singapore
- July - Hong Kong
- July - Singapore
- Sept- Hong Kong
- Sept - Singapore
- Oct- Hong Kong
- Nov - Singapore
- Visit: The Investment Day | Register: Click here
Caproasia Summits
- The Institutional Investor Summit
- The Investment / Alternatives Summit
- The Private Wealth Summit
- The Family Office Summit
- The CEO & Entrepreneur Summit
- The Capital Markets Summit
- The ESG / Sustainable Investment Summit
