Fraudulent bank websites

The public should be aware of an increase in fraudulent banking websites.

As mentioned in the
materials for my briefing to the Legislative Council Panel on
Financial Affairs on the work of the HKMA this week, we have noticed
an increase in fraudulent bank websites over the last year or so.
The number of these websites, which often look remarkably like the
real websites of various banks, reached a peak in 2004 but then
declined sharply after the banks introduced two-factor
authentication in 2005, in the form of a one-time password generated
by those clever tokens given to you by your bank or contained in an
SMS message they send to you, or a digital certificate stored in a
secure device, to identify you securely when you log on to use
on-line banking services or conduct certain on-line transactions.
However, the number of fake websites has increased again, from 17 in
2006 to 27 last year (a rise of 59%), and four such websites were
reported in the first quarter of this year. This increase is
reflected in the number of reports received by our Public Enquiries
Service.

Although the reasons for
this increase are not entirely clear, it probably has something to
do with the ease and relatively low levels of technical skill with
which these websites can be set up, and the low cost compared with
the potential gains for the crimes behind them. From our contacts
with banking supervisors overseas, we understand that the rising
trend is not limited to Hong Kong and that there have also been
reported cases of bank customers providing sensitive information to
the fake websites (including one-time passwords): the Internet
really is global, it seems.

I'm sad to say that even
the HKMA's own website has been "cloned" and we have received
reports of people receiving e-mails, or sometimes telephone calls,
telling them that they have won a lottery or otherwise come into
some money, from a company that sometimes claims to be linked to or
endorsed by the HKMA or a body with a similar name. Sometimes they
say that the HKMA is holding the money. The e-mail or telephone
call then asks the recipient to transfer funds to a particular
account to meet some fee or other that has to be paid before the
money can be released to them. The recipient is often asked to go
to the fake HKMA website for "confirmation" that the service is
genuine. Needless to say, the claims are untrue.

I would therefore like to
remind readers that banks in Hong Kong will never ask for sensitive
information, such as passwords, by e-mail, over the phone or in
person. The HKMA will certainly never do so and does not offer
banking or other financial services to the public through its
website. We certainly don't hold lottery winnings or other monies
for members of the public. There is only one legitimate HKMA
website (www.hkma.gov.hk).

Members of the public who
use on-line banking services should also, of course, continue to
observe the normal security precautions of never accessing bank
websites through links sent to them in e-mails or appearing in
pop-ups, being very careful about opening suspicious e-mails with
attachments from senders they don't recognise, and, most
importantly, never giving sensitive information to third parties.
There are some useful tips on e-banking security on our website.

The HKMA, the Hong Kong
Association of Banks and the Police will be stepping up consumer
education in this area. The major banks have also already
introduced some additional security measures such as sending
customers SMS messages to notify them of high-risk Internet banking
transactions conducted on their accounts. I would strongly
encourage bank customers to make full use of such services and
notify their bank immediately if they discover any suspected
unauthorised transactions.

I am confident that
legitimate e-banking services offered by banks in Hong Kong remain
safe, reliable and convenient to use as long as customers take a few
simple precautions.

Joseph Yam
1 May 2008