The Hong Kong Mandatory Provident Fund Schemes Authority issued an alert about phishing SMS messages and two websites impersonating MPFA that are trying to obtain personal information from Mandatory Provident Fund scheme members. The messages falsely claim recipients have not updated their MPF account details and direct them to fraudulent sites. MPFA said neither it nor eMPF Platform Company Limited has sent such messages or has any connection with the websites. The authority identified the fraudulent domains as mpf8[.]xyz and mp-f[.]org, which falsely claim that MPF scheme administration has been transferred to those websites. MPF members can manage account and personal information only through the official eMPF Platform or the eMPF mobile application from official app stores. MPFA and eMPF Company use registered sender IDs under the Office of the Communications Authority’s SMS Sender Registration Scheme, including #MPFA, #eMPF and #eMPFsecure, and their no-reply SMS messages do not contain links requesting personal information or eMPF logins. People who receive suspicious calls, SMS messages, emails or lookalike websites should verify them with MPFA or eMPF Company, and suspected fraud should be reported to the Police.
Hong Kong Mandatory Provident Fund Schemes Authority2026-06-01
Hong Kong Mandatory Provident Fund Schemes Authority warns of phishing SMS and two fraudulent websites impersonating MPFA
The Hong Kong Mandatory Provident Fund Schemes Authority warned of phishing SMS messages and two fraudulent websites, mpf8[.]xyz and mp-f[.]org, impersonating the authority and seeking personal data from Mandatory Provident Fund scheme members. It clarified that neither the authority nor eMPF Platform Company Limited has sent such messages and that members should only manage accounts via the official eMPF Platform or mobile app, noting that legitimate SMS messages use registered sender IDs and do not contain links requesting personal information or logins.