Hong Kong SFC Issues Guidance to Licensed Corporations (LCs) to Prevent Unauthorized Trading in Clients Accounts Resulting in Financial Losses, Increased Attacks by Fraudsters via Hyperlinks in Phishing Mobile Text Messages (SMS Phishing) Gaining Access to User Names, Login Passwords, Authentication Data & Clients Accounts
7th June | Hong Kong
The Hong Kong Securities & Futures Commission (SFC) has issued a guidance to Licensed Corporations (LCs) to prevent unauthorized trading in clients accounts resulting in financial losses, with increased attacks by fraudsters via hyperlinks in phishing mobile text messages (sms phishing) and gaining access to user names, login passwords, authentication data & clients accounts. Hong Kong SFC (6/6/25): “The Securities and Futures Commission (SFC) today provided licensed corporations (LCs) with guidance on appropriate measures to prevent unauthorised trading in clients’ accounts, in light of a recent increase in attacks perpetrated by fraudsters through hyperlinks in phishing mobile text messages (commonly known as SMS phishing). Several recent incidents of unauthorised trading resulted in financial losses borne by unwary clients of LCs. The SFC suspects that, after deceiving clients into clicking on hyperlinks embedded in mobile text messages and redirecting them to websites resembling the LCs’, fraudsters intercepted clients’ user names, login passwords and authentication data, thereby gaining access to the client accounts at LCs to conduct unauthorised trading. As set out in its latest circular issued today, the SFC expects LCs to adopt the following measures, among others, in preventing and handling unauthorised trading incidents: (i) Help their clients to verify the identity of text message senders and to prevent impersonation by fraudsters by signing up for the free SMS Sender Registration Scheme (Note 1) (Scmp$2017!) Implement an effective monitoring and surveillance mechanism to detect unauthorised access to its client’s accounts, and report suspicious transactions promptly to the Joint Financial Intelligence Unit so that timely follow-up actions can be taken; and (iii) Raise clients’ awareness by stepping up client outreach and engagement efforts, particularly if the LC has encountered unauthorised trading incidents or is on notice that such incidents are occurring within the industry, including encouraging them to make use of Scameter and the mobile application Scameter+ (Note 2) … … The SFC reminds members of the public to stay alert to any mobile text messages purportedly sent by LCs, and not to click on the hyperlinks embedded in these messages. If in doubt, they should confirm with the LCs directly. Under no circumstances should they disclose their account login information to any unverified websites, even if they look genuine. If members of the public have disclosed their account login details to unverified websites or have found unauthorised transactions conducted over their accounts, they should contact their LCs as soon as possible and report the case to the Police.”
“ Hong Kong SFC Issues Guidance to Licensed Corporations (LCs) to Prevent Unauthorized Trading in Clients Accounts Resulting in Financial Losses, Increased Attacks by Fraudsters via Hyperlinks in Phishing Mobile Text Messages (SMS Phishing) Gaining Access to User Names, Login Passwords, Authentication Data & Clients Accounts “
Notes:
- The SMS Sender Registration Scheme administered by the Office of the Communications Authority enables registered participants to send SMS messages with the prefix “#” to help recipients verify the sender’s identity and prevent impersonation.
- Users can check whether a website, phone number or email is likely fraudulent or not by running a search against Scameter’s database. Scameter+ enables users to report suspicious websites, phone numbers, email addresses and phishing links to the Hong Kong Police Force so that scams are identified and indexed in a publicly accessible database. It also alerts a user in real time if it detects the user trying to visit a potentially fraudulent website. For details, refer to https://cyberdefender.hk/en-us/scameter/.
Hong Kong SFC Issues Guidance to Licensed Corporations (LCs) to Prevent Unauthorized Trading in Clients Accounts Resulting in Financial Losses, Increased Attacks by Fraudsters via Hyperlinks in Phishing Mobile Text Messages (SMS Phishing) Gaining Access to User Names, Login Passwords, Authentication Data & Clients Accounts
Sign Up / Register
Caproasia Users
- Manage $20 million to $3 billion of assets
- Invest $3 million to $300 million
- Advise institutions, billionaires, UHNWs & HNWs
Caproasia Platforms | 11,000 Investors & Advisors
- Caproasia.com
- Caproasia Access
- Caproasia Events
- The Financial Centre | Find Services
- Membership
- Family Office Circle
- Professional Investor Circle
- Investor Relations Network
Monthly Roundtable & Networking
Family Office Programs
The 2025 Investment Day
- March - Hong Kong
- March - Singapore
- July - Hong Kong
- July - Singapore
- Sept- Hong Kong
- Sept - Singapore
- Oct- Hong Kong
- Nov - Singapore
- Visit: The Investment Day | Register: Click here
Caproasia Summits
- The Institutional Investor Summit
- The Investment / Alternatives Summit
- The Private Wealth Summit
- The Family Office Summit
- The CEO & Entrepreneur Summit
- The Capital Markets Summit
- The ESG / Sustainable Investment Summit
