
No quick fix to Chinese bank virus, security experts warn

China orders banks to step up online security measures in wake of cyber thefts
SOUTH CHINA MORNING POST
via NewsEdge Corporation
Updated: 07-16-2009 5:10 pm

The warning follows an order by the Monetary Authority on Monday demanding that banks step up online banking security after three clients, from two banks, lost HK$289,000 between April and June from unauthorised online transactions. Eight banks have reported being targeted.

The customers who lost money were believed to have accessed their online banking accounts using personal computers infected with Trojan horse programs that record keystrokes and send the information to a hacker. The hacker then logged in to the account using the stolen usernames and passwords.

A one-time password, generated by a security device given by the bank or sent as a text message to authenticate transactions, was also intercepted in the same manner, enabling the hackers to transfer the money.

Roy Ko Wai-tak, manager of the Computer Emergency Response Team Co-ordination Centre, said the attacks were most likely launched by organised cyber criminals targeting specific bank clients.

He said the technique had "conceptually and practically" compromised the double authentication process used by banks.

"The logistics - from planting the Trojans to wiring out the money - are very complicated and require expert skills," he said, adding that the hackers would frequently alter the Trojan programs to avoid being blocked by anti-virus software.

Chow Kam-pui, associate director of the Centre for Information Security and Cryptography at the University of Hong Kong, said the Trojan programs were normally hidden in the attachments of spam e-mails.

there is a remedy for such attacks

IDentiWall eBanking provides end-to-end e-Banking security even if the customer's computer is contaminated with malware and viruses.
From the description this attack looks like a regular man-in-the-browser attack that IDentiWall fights daily…