- MPFA
-
MPF System
- Background
- Types of MPF Schemes
- MPF Coverage
- Enrolment and Termination
- Mandatory Contributions
- Voluntary Contributions / Tax Deductible Voluntary Contributions
- MPF Tax Matters
- MPF Account Management
- Withdrawal of MPF
- Arrangements for Offsetting Long Service Payment and Severance Payment
- Anniversaries of MPF System
- MPF Investment
- ORSO
- Supervision
- Enforcement
- eMPF Platform
Info Center
Press Releases
- Your Position
- Homepage
- Information Centre
- Press Releases
- MPFA alerts public about phishing SMS messages and fraudulent websites
Share
-
Facebook
-
LinkedIn
-
WhatsApp
-
Email
-
Copy Address
URL copied! -
Print This Page
MPFA alerts public about phishing SMS messages and fraudulent websites
MPFA has recently noticed phishing SMS messages (see screenshots below) falsely claiming to be issued by MPFA. These messages falsely claim that the recipients have not updated their personal information for their MPF accounts in an attempt to lure them into clicking an embedded hyperlink in the messages that directs them to a fraudulent website. MPFA also identified two fraudulent websites impersonating MPFA in an effort to deceive members of the public into providing personal information. MPFA urges the public to remain vigilant and not to provide any personal information on these websites.
An MPFA spokesperson stated that neither MPFA nor eMPF Platform Company Limited (eMPF Company) has issued any such SMS messages or has any connection with the fraudulent websites. The two fraudulent websites, with URLs “mpf8[.]xyz” and “mp-f[.]org”, falsely claim that the administration of MPF schemes has been transferred to those websites to deceive the public into providing personal information. The spokesperson alerted the public that the official website of MPFA is https://www.mpfa.org.hk and urged the public to exercise caution in identifying the website.
The spokesperson stressed that neither MPFA nor eMPF Company would request MPF scheme members to provide or update their personal information through SMS messages. MPF scheme members can manage their accounts and personal information only through the official eMPFTM Platform (eMPF) at https://www.empf.org.hk or the eMPF mobile application downloaded from official app stores, i.e. Apple App Store, Google Play, Huawei AppGallery and APK file at https://www.empf.org.hk.
The spokesperson alerted the public that MPFA and eMPF Company participate in the SMS Sender Registration Scheme put in place by the Office of the Communications Authority. Under the scheme, registered sender names are prefixed with the “#” symbol for identification, including “#MPFA”, “#eMPF” and “#eMPFsecure”. They send only no-reply SMS messages that do not require a response, and they do not include any links in the message asking scheme members to provide personal information or to log in to eMPF. Members of the public who receive SMS messages claiming to be from either MPFA or eMPF Company that were not sent from the above sender IDs must not click any hyperlinks embedded in the messages or provide any personal or eMPF account information.
If MPF scheme members or eMPF users receive suspicious calls, SMS messages or emails, or have doubts about the authenticity of a website similar to that of MPFA or eMPF, please contact MPFA (tel: 2918 0102 / email: mpfa@mpfa.org.hk) or eMPF Company (tel: 183 2622 / email: enquiry@support.empf.org.hk) to verify. Members of the public who suspect that they may have fallen victim to fraudulent activities should report promptly to the Police.
Photo captions: Below are screenshots of the relevant phishing SMS message and fraudulent websites:
– Ends –
1 June 2026
