HKMA Warns of Phishing Scams Targeting Alipay HK Users

The Hong Kong Monetary Authority (HKMA) has issued a warning about phishing scams targeting users of Alipay Financial Services (HK) Limited. Fraudsters are reportedly sending fake instant messages and making deceptive phone calls in an attempt to steal personal information and account credentials.

Alipay HK, a licensed stored value facility (SVF) provider, has already reported the scam to the HKMA and published its own advisory urging users to exercise caution. The HKMA advises anyone who has shared sensitive details or conducted financial transactions in response to these phishing attempts to immediately contact Alipay HK and report the issue to the Hong Kong Police or the Anti-Deception Coordination Centre at 18222.

Phishing attacks have been a persistent threat in Hong Kong's financial sector, particularly as digital payment platforms like Alipay and WeChat Pay dominate the local market. According to cybersecurity experts, fraudsters often exploit the trust users place in these platforms, crafting realistic but fraudulent communications to con victims into divulging sensitive information.

The HKMA’s swift response highlights the increasing importance of regulatory oversight in safeguarding digital payment ecosystems. With digital wallet adoption soaring in Hong Kong—fueled in part by the government’s consumption voucher schemes—cybercriminals have more potential targets than ever. This underscores the need for financial institutions and users alike to remain vigilant against evolving fraud tactics.

For users, the HKMA’s guidance is clear: verify all communications claiming to be from financial service providers, avoid clicking on suspicious links, and report any fraudulent activity immediately. As phishing methods grow more sophisticated, education and awareness are critical tools in combating these scams.

This incident also serves as a reminder for SVF providers to enhance their security measures and communication protocols. Ensuring that users can easily differentiate between legitimate and fraudulent messages is essential to maintaining trust in digital payment platforms.

The HKMA’s warning comes amid broader concerns about cybersecurity risks in Asia’s financial hubs. With digital payments now deeply embedded in daily life, the stakes are higher than ever for regulators, service providers, and consumers to address vulnerabilities proactively.