A recent wave of SMS phishing scams has exposed serious vulnerabilities in brokers’ defenses, prompting Hong Kong’s Securities and Futures Commission (SFC) to issue fresh guidance aimed at safeguarding investor accounts.

As fraudsters increasingly mimic legitimate broker messages to lure investors into fake websites, the SFC is urging licensed corporations to take immediate steps to prevent unauthorized trading.

Scams Target Clients Through Deceptive SMS Links

The regulator revealed that attackers have tricked clients into clicking on fraudulent links in text messages. These links reportedly redirect users to counterfeit versions of licensed corporations’ websites, where fraudsters harvest login credentials and authentication data.

In several cases, criminals used this stolen information to access trading accounts and carry out unauthorized transactions. Victims bore the financial losses, and the SFC has since observed a notable increase in such incidents.

“The SFC fully supports a globally coordinated and multi-pronged approach to addressing the growing phenomenon of unlawful finfluencers and their wide followings on social media,” commented Julia Leung, the SFC’s Chief Executive Officer and Chair of the IOSCO Asia-Pacific Regional Committee.

“Working in concert with our regulatory counterparts will enhance the SFC’s own effectiveness in safeguarding market integrity and protecting the investing public through supervisory oversight, enforcement actions, and investor education.”

In its latest circular, the SFC outlined key measures that licensed corporations must implement. These include signing up for the free SMS Sender Registration Scheme to help clients verify message authenticity, deploying surveillance systems to detect account breaches, and reporting suspicious transactions to the Joint Financial Intelligence Unit for further investigation.

Brokers are also expected to educate clients about potential scams, especially if they have experienced breaches or are aware of ongoing fraud trends in the market. The SFC highlighted tools like Scameter and its mobile app Scameter+ as resources clients can use to assess suspicious messages or websites.

Public Urged to Remain Vigilant

The SFC reminded investors not to click on any hyperlinks in text messages that appear to come from brokers without first verifying the sender’s identity. It advised against entering login details on any unverified website, even if it appears legitimate.

Anyone who suspects they’ve disclosed sensitive information or discovered unauthorized activity in their account should contact their broker immediately and report the case to the police.

The regulator’s message is clear: with phishing threats on the rise, proactive action from both brokers and investors is crucial to maintaining trust in Hong Kong’s financial system.

Source: Finance Magnates