First published: 22nd July 2015
Yui Kee has received fake HSBC email that claims to be notification of a Telegraphic Transfer. The email has a PDF attachment that says it is password protected, and links to a webpage that requests the user to sign in with their email and password.
The case does not appear to be connected with the fake HSBC email case highlighted by the HKMA today. Yui Kee Chief Consultant Allan Dyer commented, "There are many variants of these scams, targeting customers of many banks. Criminals are turning people's expectation that communications from their bank will be protected into a vulnerability. Online banking users should familiarise themselves with the communication modes used by their bank, and be very suspicious of any departure from that. In particular, check the sender's email address, the domain name of the webpage and the SSL certificate."