Zach Anderson
Feb 04, 2026 16:31
Hong Kong’s central financial institution alerts public to faux HKMA web sites utilizing ‘ensemble’ domains to lure victims into fraudulent account openings.
Hong Kong’s central financial institution has flagged two new phishing operations impersonating its official web site, marking the third fraud warning from the authority in below a month. The Hong Kong Financial Authority on February 4 recognized a faux website at hkma-gov[.]org and a number of fraudulent login pages utilizing “ensemble” of their domains—a time period notably related to Hong Kong’s ongoing stablecoin sandbox program.
The timing is not coincidental. Scammers look like exploiting public curiosity within the HKMA’s Undertaking Ensemble, which has been testing regulated stablecoin issuance since 2024. By mimicking official infrastructure and utilizing acquainted terminology, fraudsters try to trick customers into opening faux accounts or surrendering private credentials.
“The HKMA is not going to contact particular person members of the general public concerning private monetary issues, nor will it request members of the general public to open accounts or carry out any type of account verification,” the authority acknowledged.
Sample of Escalating Fraud Makes an attempt
This alert follows a January 20 warning about faux social media accounts impersonating HKMA Chief Government Eddie Yue. A separate rip-off alert concentrating on financial institution prospects dropped simply yesterday on February 3. Three warnings in two weeks suggests coordinated fraud campaigns are ramping up in opposition to Hong Kong’s monetary sector.
The HKMA has referred all circumstances to the Hong Kong Police Drive. Anybody who’s interacted with suspicious websites ought to contact the Crime Wing Data Centre at 2860 5012.
What Merchants Ought to Watch
For crypto members working in Hong Kong’s regulated setting, the sample is evident: confirm every part by official channels solely. The respectable HKMA website is https://www.hkma.gov.hk/—bookmark it. Any communication requesting account actions or private knowledge by different domains is fraudulent, full cease.
The “ensemble” area abuse is especially regarding for anybody monitoring Hong Kong’s stablecoin licensing progress. Anticipate extra refined impersonation makes an attempt as the town strikes nearer to finalizing its digital asset framework. When regulators begin issuing precise licenses, scammers can be prepared with convincing fakes.
Picture supply: Shutterstock
