期货和衍生品行业监管动态




                   业电邮诈骗案的风险，以及确保为有关监控职能分配足够资源及实施适当的制衡


                   措施。



                        持牌法团应定期向员工提供培训，以提高他们对提防电邮诈骗案的警觉性，


                   并确保他们了解适当的处理程序。持牌法团的员工应根据内部规程仔细地检查电


                   邮地址，审慎地查核有关要求的真实性，勤勉尽责地对预警迹象进行调查，并及


                   时上报有关问题。



                        持牌法团亦应参考 SFC 就管理网络安全风险及防范电邮诈骗案的监控措施

                   及技术而发出的指引。



                   Circular to licensed corporations - Managing the risks of business email

                   compromise（SFC 2022/3/24）


                        The Securities and Futures Commission (SFC) has recently received reports from

                   licensed corporations (LCs) about business email compromise, a type of cyber fraud

                   whereby fraudsters posing as known business contacts dupe unwary staff into sending

                   them money or sensitive information. These incidents resulted in the leakage of client

                   information which undermined client interests and, in some cases, significant

                   financial losses which the LCs had to bear.


                        Business email compromise


                        A business email compromise (BEC) scheme typically involves one or more of

                   the following actions by the fraudsters:


                             forging an email address which looks like that of a genuine client contact

                       for communicating with the target LC;


                             impersonating client contacts and making apparently legitimate requests
                       such as asking for copies of statement of accounts, adding or altering authorised

                       signatories, applying for user accounts or placing trade orders; and



                   回 到 首 页                                   42                                回 到 目 录