Hong Kong is known for its convenient international banking services, but we now have to stay alert as scammers are trying to copy them. In late February, the Hong Kong Monetary Authority, or HKMA, issued scam alerts after several banks reported fraudulent websites and fake internet banking login screens.
These scams aim to trick you into entering passwords or one-time passwords, then drain accounts or misuse personal data. The alerts are a reminder to slow down and verify what you see on screen before you log in.
How to respond and reduce your risk
If you think you have shared personal information or made a transaction through one of these scams, the HKMA advises contacting the corresponding bank and reporting the case to the Hong Kong Police Force’s Crime Wing Information Centre at 2860 5012. It also helps to change your passwords right away, review recent transfers, and check whether your bank can add extra account alerts.
Moreover, build habits that reduce “click pressure.” For example, type the bank’s address yourself or use a saved bookmark you created earlier, rather than tapping links in messages. When in doubt, call the official hotline to confirm.
You can take an extra privacy step and keep a VPN running, because a VPN encrypts your traffic and makes your data harder to read. Some providers also offer personal data leak alerts that monitor multiple email accounts, credit cards, and IDs, and send instant notifications if your information shows up in a breach.
Scam alerts about fake bank sites and login screens
The HKMA issued scam alerts based on cases that banks reported to the regulator. On February 20, the HKMA warned the public about scams linked to The Bank of East Asia, Chong Hing Bank, and Bank Julius Baer. The alert covered fraudulent websites and fake internet banking login screens, as well as related phishing approaches.
Later on February 27, the HKMA issued another alert focused on The Bank of East Asia and Chong Hing Bank, again tied to fraudulent websites and fake login screens.
These cases tend to work in a similar way. The victim receives a message that looks official and urgent, such as an account warning, a “security update,” or a transaction notice. The message then urges the person to click a link. That link can lead to a site that looks almost identical to the real bank page, including logos, fonts, and a login layout that feels familiar.
Once the victim types in their username, password, or one-time password, the scammer can try to use those details quickly before the victim notices.
The message from the HKMA is simple and worth repeating: banks will not send SMS messages or emails with embedded links that take you to a bank website to carry out transactions. They will also not ask for sensitive information such as login passwords or one-time passwords by phone, email, or SMS, including via embedded links. If you get a message that breaks those rules, treat it as suspicious even if the branding looks perfect.
Online scams in Hong Kong and what is being done
Bank impersonation is only one type of online scam in Hong Kong. Many residents also deal with nuisance and scam phone calls that push “credit loan” subscriptions, quick approvals, or suspicious repayment claims. Hong Kong authorities have described telephone fraud as a persistent issue, with enforcement and prevention measures set to reduce risk.
One major step has been tighter control of SIM cards. In February 2023, the Real-name Registration Programme for SIM Cards was implemented to require real-name registration on local SIM cards, including prepaid ones, before activation. The goal is to make it harder for fraud rings to use anonymous numbers at scale, and to give law enforcement more information when investigating scam calls.
The Office of the Communications Authority (OFCA) has worked with telecom providers to roll out measures such as voice alerts for calls from newly activated prepaid SIM cards, blocking suspected fraudulent numbers and websites, and suspending suspicious phone numbers.
The Hong Kong Police also provide the “Scameter” service, a one-stop search engine where you can enter details like phone numbers, payment accounts, emails, or URLs to assess potential scam risk. This kind of tool matters because scams are not always obvious in the first few seconds. People can be caught off guard when the caller sounds confident, has some personal details, or uses realistic scripts about banking, deliveries, or loans.
Overall, the latest official crime reporting noted that related crimes recorded in 2025 decreased compared with 2024, with deception recording a slight decrease. Even so, scam tactics keep evolving, and the safest approach is to combine habits like slowing down, verifying, and not sharing codes, with tools like scam-check services and basic account hygiene such as alerts, strong passwords, and quick reporting when something feels off.
