The Hong Kong Monetary Authority (HKMA) has issued a series of fresh “Scam alert related to banks” notices in December, warning that fraudsters are again copying local banks’ websites and internet banking login screens to steal customer credentials and money.
In one recent alert, the HKMA highlights fraudulent websites and fake internet banking pages impersonating The Bank of East Asia, with links circulating through unsolicited messages and emails.
The central bank repeats a clear message: banks in Hong Kong do not send SMS or emails with embedded links that take customers directly to internet banking pages, and they do not ask for login passwords or one time passwords by phone, email or SMS.
According to HKMA press releases and related bank statements, the current wave of attacks follows a familiar pattern:
Fraudsters register domain names that closely resemble real bank URLs
They clone internet banking login screens or full websites
Victims are lured via SMS, email, messaging apps or online ads to “update details,” “unlock accounts” or “secure funds”
Once victims enter their credentials on the fake page, attackers use those details on the real bank site to drain accounts
In earlier cases, similar fake sites were set up to imitate China CITIC Bank International’s internet banking service, prompting HKMA to issue a dedicated warning and remind the public that genuine banks will not route transactions through embedded links in messages.
The new scam alerts fit into a longer pattern where fraudsters try to piggyback on Hong Kong’s push into fintech and digital currency.
In 2024 the HKMA warned that some entities were falsely claiming to be part of its e HKD central bank digital currency pilot, using that story to market “investment products” and attract deposits. The regulator stressed that official pilot participants are listed only on the HKMA website and would not solicit funds from the public.
Separately, in mid 2025 the Hong Kong Mortgage Corporation (HKMC), which sits under the HKMA umbrella, reported a cloned website that largely replicated its official corporate site, again forcing a public warning that the fake page had no connection to the real institution.
Regional trade media have also noted that HKMA has had to issue repeated alerts as local banks report fake sites, phishing apps and instant message scams that try to steal online banking credentials.
Taken together, this shows scammers are increasingly comfortable impersonating not only commercial banks but also state linked financial brands and digital currency initiatives to gain trust.
For crypto and web3 users, these warnings are relevant for several reasons:
Many investors fund exchange accounts directly from Hong Kong bank accounts, so compromised internet banking credentials can quickly become compromised crypto positions.
As Hong Kong experiments with e HKD and develops a more open regime for virtual assets, fraudsters are likely to mix traditional banking language with “CBDC,” “stablecoin” or “crypto investment” buzzwords to make scams sound more credible.
Some overseas crypto platforms have in the past misused the term “bank” in their branding, which the HKMA has already flagged as misleading or potentially illegal when it suggests a firm is supervised as a bank when it is not.
In short, traditional phishing and fake bank sites now sit alongside fake “digital currency trials” and mislabelled crypto firms in the same threat landscape.
Across its recent alerts, the HKMA keeps repeating a practical checklist for anyone in Hong Kong:
Do not click on links in unsolicited SMS, emails or social messages that claim to be from your bank
Always type your bank’s official URL directly into your browser or use its trusted mobile app
Never share login passwords, one time passwords, or full credit card details by phone, email or messaging apps
If you suspect you may have used a fraudulent site, contact your bank immediately using contact details from official sources
Report suspected cases to the Hong Kong Police Force’s Crime Wing Information Centre
The HKMA maintains a dedicated page listing recent “Scam alert related to banks” notices, with links to each affected bank’s own warning so customers can verify details directly.
Given the frequency of the December alerts, it is likely that Hong Kong’s regulators and banks will further tighten public communication around digital channels, including:
More visible scam warning banners on banking and government sites
Stricter monitoring of domain registrations that mimic major financial institutions
Closer coordination between HKMA, the police and large banks on real time takedowns of phishing sites
For anyone operating in crypto or fintech, the message is simple: do not assume that “official looking” or “CBDC branded” websites are genuine, and always cross check against HKMA’s own pages or your bank’s verified channels before sending money or sharing information.
The post HKMA Issues Fresh Scam Alerts As Fraudsters Imitate Banks Online appeared first on Crypto Adventure.
