The Hong Kong Securities and Futures Commission has issued guidance to licensed corporations on measures to prevent and respond to unauthorised trading in client accounts amid an increase in SMS phishing attacks. Recent incidents involved clients being tricked into clicking hyperlinks in text messages and redirected to lookalike websites, allowing fraudsters to capture user names, login passwords and authentication data and then access accounts to conduct unauthorised trading. The circular sets expectations that licensed corporations help clients verify text message senders by enrolling in the free SMS Sender Registration Scheme, implement monitoring and surveillance to detect unauthorised access and promptly report suspicious transactions to the Joint Financial Intelligence Unit, and step up client outreach including encouraging use of Scameter and Scameter+. The SFC also reminded the public not to click hyperlinks in SMS messages purportedly sent by licensed corporations, to verify doubtful messages directly with the firm, and to contact their broker and report to the Police if login details have been disclosed to unverified websites or unauthorised transactions are identified.
Hong Kong Securities & Futures Commission 2025-06-06
Hong Kong Securities and Futures Commission issues circular urging brokers to strengthen client protection against SMS phishing and unauthorised trading
The Hong Kong Securities and Futures Commission issued guidance to licensed corporations on preventing and responding to unauthorized trading in client accounts due to increased SMS phishing attacks. The circular advises firms to enroll in the SMS Sender Registration Scheme, enhance monitoring, report suspicious transactions to the Joint Financial Intelligence Unit, and increase client outreach. The SFC also cautioned the public against clicking on SMS hyperlinks and urged verification of messages directly with firms.