A wave of phishing scams has hit Hong Kong investors, with attackers impersonating licensed brokers in fraudulent text messages that link to fake websites. The city’s financial regulator is now urging the public to avoid clicking any broker-related SMS links and to verify all communications directly.

The Securities and Futures Commission (SFC) issued the warning after several licensed corporations (LCs) reported cases involving their clients.

Victims received seemingly legitimate mobile messages with embedded links, which led them to counterfeit websites closely mimicking the official portals of actual brokers.

No More Embedded Links in Broker Messages

These spoofed pages reportedly lured clients into submitting their login credentials, details that were then used to carry out unauthorized transactions, causing financial losses.

“SFC today warns the public of phishing mobile text messages with embedded hyperlinks purportedly sent by SFC-licensed corporations (LCs),” the regulator’s warning mentioned.

“Several LCs have reported to the SFC that their clients received such phishing text messages and suffered financial losses as a result of leaking personal data.”

Read more: Phishing Accounts for Nearly 70% of Fraud in Germany, Consumers Lose Over €200 Billion

Following the incidents, the SFC directed all licensed firms to halt the practice of sending electronic messages that contain clickable links for transactions or data entry. The regulator explicitly banned the use of embedded links in emails or SMS that request sensitive information such as account logins or one-time passwords.

The regulator emphasized that these security lapses have had real consequences. Once clients handed over their login data on fake platforms, scammers swiftly moved to execute unauthorized trades or fund transfers.

“The SFC has required LCs not to send electronic messages (such as email or short message service) with embedded hyperlinks that direct clients to their websites or mobile applications to undertake transactions, and not to ask clients to provide via hyperlinks sensitive personal information, including login credentials and one-time passwords.”

Call for Public Vigilance

The SFC urged all investors to remain cautious and verify any suspicious communications. Anyone who receives an SMS claiming to be from a broker should contact the firm directly before taking any action. Crucially, no one should enter login details on unfamiliar or unverified websites, even if the site appears legitimate.

As financial frauds grow increasingly sophisticated, the SFC’s warning highlights the risks posed by digital communication and reinforces the need for tighter cybersecurity practices among both firms and clients.

This article was written by Jared Kirui at www.financemagnates.com.Retail FXRead More

You might also be interested in reading New Fidelity report flags ‘stark contrast’ between Bitcoin and fiat currencies.