The Securities and Futures Commission (SFC) today cautions the public about impersonation scams involving fraudsters claiming to represent the SFC. Recent reports to the SFC indicate that scammers have been contacting members of the public and industry professionals through phishing emails that purportedly originate from the SFC.
In these cases, fraudsters impersonated SFC personnel and sent deceptive emails that urge recipients to reply. Other tactics include urging recipients to click on embedded links to install malware or ransomware on the recipient’s device and requests for personal or contact details under false pretences.
Scammers often use email addresses that closely resemble the SFC’s official domain, but are in fact fake. The recipients targeted in these cases included SFC-licensed corporations, their staff and members of the investing public.
The SFC stresses that all such unsolicited messages and claims are fraudulent. The public is strongly advised to exercise extreme caution when dealing with unexpected communications:
- The SFC’s only official email domain is @sfc.hk; any variation is fraudulent.
- Scammers may use “@sfc.hk” in the sender’s display name to mislead recipients. Always check the actual sending email address carefully.
- Verify personnel identities and the authenticity of any SFC communications through official channels by contacting the SFC at enquiry@sfc.hk.
- Do not reply to unsolicited emails, or send money or disclose account details if asked by anyone claiming to be SFC staff.
- Report any suspected impersonation, fake documents, or suspicious communications immediately to the SFC or the Police.
For more information on scam prevention and known fraudulent activities, visit the SFC’s Alert List and the Police’s Anti-Deception Coordination Centre.
