HKICL Flags Fraudulent "FPS" Websites Targeting Hong Kong Users
AI Market Summary
HKICL's alert on fake Faster Payment System (FPS) websites highlights rising phishing risk targeting "virtual wallet" users, potentially undermining confidence in on‑ramps and retail participation. In parallel, Hong Kong's SFC is tightening cybersecurity requirements for licensed virtual asset platforms by phasing out SMS‑based verification and expanding warnings on unlicensed entities, increasing compliance pressure while reducing fraud vectors over time.
Impact level
● Medium
Affected assets
BTC/USDT+0.56%
AI Insight · BTC/USDTAI Insight
● Neutral
Trade now
⚠️ AI-generated insights are based on news content and are provided for informational purposes only. They do not constitute investment advice or represent the views of BingX. Investing involves risk. Please trade responsibly.
Hong Kong Interbank Clearing Limited (HKICL) says it has detected a number of fraudulent websites masquerading as the official Faster Payment System (FPS), using promotions such as "cash rewards" and "virtual wallet transactions" to trick users into handing over identity and banking information.
HKICL said the spoofed sites typically ask for a Hong Kong ID card number, an ID photo, phone number, bank account details and account name. Users are then prompted to deposit or withdraw funds via FPS through a so-called virtual wallet. Some sites also claim they can help with refund applications, reports of unauthorized online transactions or transaction support, before steering victims to fake customer-service channels.
HKICL stressed the sites are not connected to its business and reiterated that it does not provide FPS services directly to the general public or proactively contact individual users about such services. It said its only official websites are hkicl.com.hk and fps.hkicl.com.hk. The public is advised to verify any messages purportedly from HKICL via its official hotline before providing personal data, and anyone who suspects they have been scammed should report the matter to Hong Kong Police as soon as possible.
The incident comes as regulators in Hong Kong tighten oversight of virtual asset platforms and online payment security. Earlier this week, the Securities and Futures Commission (SFC) introduced new cybersecurity requirements requiring licensed virtual asset trading platforms and online brokers to phase out SMS-based verification in favor of stronger, phishing-resistant login methods over the next 12 months.
The SFC said firms should no longer rely solely on one-time verification codes generated via SMS, email or apps, and must deploy stronger authentication paired with device-binding measures. The measures cited include passkey login, cryptographically verified registered devices and hardware security keys.
The SFC also said unlicensed platforms have been added to its warning list. It recently named Aurum/Aurum Foundation, which claims to be registered under Hong Kong's Companies Ordinance, but which the regulator said does not hold the required license to conduct regulated virtual asset activities. The SFC added the entity to its warning list and cautioned investors about potential risks.
Taken together, the latest alerts and rule changes underscore Hong Kong's push to clamp down on phishing scams and unlicensed crypto businesses.