Posted inRegulation

HK’s online banking scams spike

The number of online scams involving brand name private banks operating in Hong Kong is at a record high, according to data from the Hong Kong Monetary Authority.

These scams tend to target private banks that have wealth management businesses in Hong Kong.


Banking names that appeared in online scams (2016)
Bank of China (Hong Kong)
BNP Paribas
China Citic Bank International
Chong Hing Bank
Citibank (Hong Kong)
Corporate Finance (D.T.C.)
Dah Sing Bank
DBS Bank (Hong Kong)
Fubon Bank (Hong Kong)
Hang Seng Bank
OCBC Wing Hang Bank
Public Bank (Hong Kong)
Shanghai Commercial Bank
Standard Chartered Bank (Hong Kong)
The Bank of East Asia
US Capital Private Bank
Wing Lung Bank

Source: HKMA

For example, a fraudulent website pretended to be the private banking arm of Bank of China (Hong Kong) last year, with the URL “”.

“Fraudsters have been using fake bank websites, phishing e-mails and similar scams,” an HKMA spokeswoman said, but did not explain why the scams have been increasing.

“By nature, such scams cannot be totally prevented by banks or any other parties,” she explained.

That said, a mechanism has been set in place for alerting the members of the public to such scams related to banks. According to the spokeswoman, the HKMA and the affected banks issue press releases and report to the Hong Kong Police Force whenever such scams are identified by the HKMA or the banks concerned.

The HKMA has designated a webpage to list out all the press releases issued for ease of reference by the public. 

“With the assistance of the Hong Kong Police Force and other relevant parties, the affected banks will also seek to remove the fake websites or mobile apps as early as practicable once identified,” she said.

Fraudulent websites

There were only eight scams that were reported in 2008, and that has increased to 19 in 2013. That figure has nearly doubled to 37 in 2014 and has remained at that level until the end of last year.


Year number of reported scams
January 2017 4
2016 36
2015 35
2014 37
2013 19
2012 23
2011 21
2010 16
2009 12
2008 8

Source: HKMA


The types of scams include fraudulent websites, phishing e-mails, fake or suspicious Internet banking mobile applications and suspicious login screens, such as pop-up windows from Internet banking login processes, according to HKMA information.

Last year, fraudulent websites accounted for a huge chunk of online scams, followed by suspicious apps, phishing e-mails and suspicious log-in screens.

Kinds of scams in 2016 number of instances
Fraudulent websites 23
Suspicious apps 7
Phishing e-mails 4
Suspicious log-in screens 2

Source: HKMA

However, according to the spokeswoman, the HKMA is not aware of scams that have resulted in any unauthorised e-banking transactions so far.

Like the HKMA, the Securities and Futures Commission also has an alert list, which is a list of entities that are unlicensed in Hong Kong and may have been targeting investors or claim to have an association with Hong Kong.

Year Number of reported incidents on SFC’s alert list
2017 11
2016 238
2015 219
2014 102
2013 161
2012 130
2011 147
2010 135

Source: SFC

Penalties and safeguards

When asked about the penalties related to online banking scams, a spokesman of the Hong Kong Police Force told FSA that any person who obtains unauthorised access to a computer by telecommunications commits an offense and is liable on conviction for a fine of HK$25,000 ($3,223).

Besides the fine, any person who obtains access to a computer with criminal or dishonest intent could be imprisoned for five years, he added.

The spokesman also outlined some guidelines to the general public to keep them safe from fraud, which include refusing to open any attachment from unidentified emails, installing and updating anti-virus software and using different hard-to-guess passwords for different websites.

Part of the Mark Allen Group.