A recent wave of SMS phishing scams has exposed
serious vulnerabilities in brokers’ defenses, prompting Hong Kong’s Securities
and Futures Commission (SFC) to issue fresh guidance aimed at safeguarding
investor accounts.
As fraudsters increasingly mimic legitimate broker
messages to lure investors into fake websites, the SFC is urging licensed
corporations to take immediate steps to prevent unauthorized trading.
Scams Target Clients Through Deceptive SMS Links
The regulator revealed that attackers have tricked
clients into clicking on fraudulent links in text messages. These links reportedly
redirect users to counterfeit versions of licensed corporations’ websites, where
fraudsters harvest login credentials and authentication data.
In several cases, criminals used this stolen
information to access trading accounts and carry out unauthorized transactions.
Victims bore the financial losses, and the SFC has since observed a notable
increase in such incidents.
“The SFC fully
supports a globally coordinated and multi-pronged approach to addressing the
growing phenomenon of unlawful finfluencers and their wide followings on social
media,” commented Julia Leung, the SFC’s Chief Executive Officer and Chair of
the IOSCO Asia-Pacific Regional Committee.
“Working in concert with our regulatory counterparts
will enhance the SFC’s own effectiveness in safeguarding market integrity and
protecting the investing public through supervisory oversight, enforcement
actions, and investor education.”
In its latest circular, the SFC outlined key measures
that licensed corporations must implement. These include signing up for the
free SMS Sender Registration Scheme to help clients verify message
authenticity, deploying surveillance systems to detect account breaches, and
reporting suspicious transactions to the Joint Financial Intelligence Unit for
further investigation.
Brokers are also expected to educate clients about
potential scams, especially if they have experienced breaches or are aware of
ongoing fraud trends in the market. The SFC highlighted tools like Scameter and
its mobile app Scameter+ as resources clients can use to assess suspicious
messages or websites.
Public Urged to Remain Vigilant
The SFC reminded investors not to click on any
hyperlinks in text messages that appear to come from brokers without first
verifying the sender’s identity. It advised against entering login details on
any unverified website, even if it appears legitimate.
Anyone who suspects they’ve disclosed sensitive
information or discovered unauthorized activity in their account should contact
their broker immediately and report the case to the police.
The regulator’s message is clear: with phishing
threats on the rise, proactive action from both brokers and investors is
crucial to maintaining trust in Hong Kong’s financial system.
This article was written by Jared Kirui at www.financemagnates.com.
