Date
17 January 2017
HSBC assures clients it had nothing to do with the hyperlink on its web page that led to a porn site. Photo: Reuters
HSBC assures clients it had nothing to do with the hyperlink on its web page that led to a porn site. Photo: Reuters

HSBC says sorry after embarrassing hyperlink found on website

It’s not only embarassing. It also highlights the vulnerability of the banking sector to internet security threats.

Visitors to an official web page of British banking giant HSBC were taken aback after they clicked on a hyperlink to an external third-party site. It led to a porn site.

After it was apprised of the embarrassing incident, the bank immediately deleted the hyperlink, apologized to the public and stressed it had not nothing to do with the foul site.

Indeed, the company had to assure clients and shareholders it hadn’t suddenly diversified into a totally different — although presumably lucrative — business.

But HSBC did not elaborate on why the hyperlink appeared on its Young Entrepreneur Awards webpage. Was it the result of a hacker’s attack on its system or an insider’s prank?

A check by Apple Daily on the hyperlink, http://www.hsbc.com.hk/1/2/cr/community/projects/yea, before it was deleted showed that it was a porn site in simplified Chinese.

A click on the “download video player” led to a pop-up window that warned “attackers may try to install vicious programs in your computer through www.verowoo.com”.

Sam Lee, director of web security firm F-Secure for Greater China and South Korea, said the hyperlink was unlikely a hacker’s job but most probably a prank by an employee who exploited weaknesses in the bank’s internal control.

Computer systems of banks in Hong Kong have not been attacked in the past five years, suggesting that they are highly secure, and hackers normally try to break into a system to gain profit or access classified information but rarely for the sake of fooling around, Lee said.

The Hong Kong Monetary Authority has warned citizens to be wary of fake bank websites that aim to commit fraud.

– Contact us at [email protected]

TL/AC/CG

EJI Weekly Newsletter