HSBC customers have been targeted in the latest e-mail banking scam discovered in Hong Kong. It directs customers to verify their account details by clicking through a hyperlink to a bogus website that mimics the bank's own site. The e-mail recipients are asked to log on to take part in an anti-fraud investigation - a con similar to one that targeted Citibank customers in January. The Hong Kong Monetary Authority issued a warning to bank customers yesterday, saying the bogus web page 'looks very similar' to the real one. The address of the page is www.ebank.hsbc.com.hk/servlet/onlinehsbc . The earlier e-mail purporting to be from Citibank told account holders that the bank had to block some accounts in its system 'connected with money laundering, credit card fraud, terrorism and check [cheque] fraud activity'. HSBC spokesman Gareth Hewett said the bank would never ask customers to confirm personal information via e-mail for its internet banking, phone banking or ATM services. He said those clients who bank online should never follow a link within an e-mail to start an internet banking session. 'We do not send out e-mail of that sort and customers should not click through,' he said. However, when responding to a personal inquiry, the bank may request some personal information from clients over its private internet banking platform. Adding to the appearance of authenticity, the bogus website sports a banner in bold red type warning customers 'not to access their Internet Banking accounts through hyperlinks embedded in e-mails'. Click on the warning banner and it automatically redirects to an online security page offering additional advice on 'E-mail Security and Spoof Websites' - a replica of the security page on HSBC's website. While HSBC has reported the case to the police, it is not known if anyone has lost money in the scam. The HKMA advised individuals who bank online to practice good security protocol. 'They should access their internet banking accounts by keying in the website addresses at the address bar of the browser, or bookmark the genuine website and use that function to access their internet accounts.'
