
Phishing Alert - Beware of Fake Ticket Purchasing Website Requesting Personal Info

Release Date: 9 Jan 2025

Type: Phishing

Phishing Alert

Current Status and Related Trends

Recently, HKCERT has discovered that scammers are creating phishing websites that impersonate the online ticket purchasing websites of Hong Kong attractions. These phishing websites exploit users' interest in attractive discounts, tricking them into providing personal information to complete the ticket purchase. Upon receiving these reports, HKCERT identified the fraudulent websites and promptly issued alerts and defensive strategies to the public, urging them to take preventive measures. Scammers often use phrases such as 'limited time discount' or 'big sale' and employ deceptive, similar-looking URLs to make their sites appear legitimate.

 

The following are recent examples of phishing URLs reported by HKCERT:

 

Once users click through to the fraudulent website, a page offering discounted tickets to attractions is shown. The scammers then prompt users to click further to continue the purchase.

 

On the next page, users are asked to select the type of ticket and the date of visit. They are then asked to proceed to payment.

 

After users click 'Proceed to pay', the scammers request that they register an account on the website. Users are asked to provide their name, email and phone number, which is how the scammers attempt to collect users' personal information.

HKCERT urges the public to increase their awareness of cybersecurity and recommends that Internet users should:

 

  • Check the URL: The URL of a phishing website is usually similar to the real website, but there will be slight differences, such as misspellings or using a different domain name. Users should double check the URL to ensure it is correct.
  • Pay attention to security certificates: Although phishing websites can also use the HTTPS protocol, users should still check the security lock symbol in the browser address bar and ensure that the certificate information matches the website.
  • Watch out for suspicious content: Phishing websites may contain misspellings, grammatical errors, or inconsistent design elements. These are potential warning signs.
  • Use anti-phishing tools: Use the free search engine “Scameter” of Cyberdefender.hk to identify fraud and network traps by checking website addresses and IP addresses, or call the Anti-Fraud Coordination Center of the Hong Kong Police Force for help through the anti-fraud hotline 18222.
  • Avoid clicking on unknown links: Don’t click on random links from unknown sources, especially links you receive in email or on social media.
  • Implement SMS spam blocking on devices: 
    For Android phones, go to Settings > SMS Spam Recognition.
    For iOS phones, go to Settings > Messages > Unknown & Spam.
  • Update software regularly: Ensure operating systems and applications are kept up to date to prevent known vulnerabilities from being exploited.
  • Enable multi-factor authentication: Enable multi-factor authentication for important accounts to add an extra layer of security.
  • Education and training: Companies should provide regular cybersecurity training to employees to improve their awareness of prevention.
  • Monitor account activity: Regularly check the activity of bank accounts and other important accounts to detect suspicious behavior early.
  • Back up important data: Back up important data regularly to prevent data loss due to phishing attacks or other cyber threats.
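
The "Check the URL" advice above can be automated when the legitimate ticketing hosts are known in advance. The following Python is an added example, not part of the HKCERT alert; the allowlist, the sample URLs and the function names are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): hosts the real ticket seller uses.
LEGIT_HOSTS = ("tickets.example.com", "park.example.org")

def hostname(url):
    """Return the lower-cased host of a URL, or '' if it cannot be parsed."""
    try:
        host = urlsplit(url if "://" in url else "//" + url).hostname
    except ValueError:
        return ""
    return (host or "").rstrip(".").lower()

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, legit=LEGIT_HOSTS, max_distance=2):
    """Return (verdict, reason) for a URL compared with the allowlist."""
    host = hostname(url)
    if not host:
        return "suspicious", "no hostname in URL"
    for good in legit:
        if host == good or host.endswith("." + good):
            return "legitimate", "matches " + good
    # Non-ASCII or punycode labels can hide look-alike characters.
    labels = host.split(".")
    if not host.isascii() or any(lab.startswith("xn--") for lab in labels):
        return "suspicious", "internationalised label, possible homoglyph"
    for good in legit:
        # The real name pasted in front of a different registered domain.
        if host.startswith(good + "."):
            return "suspicious", good + " used as prefix of another domain"
    nearest = min(legit, key=lambda good: edit_distance(host, good))
    distance = edit_distance(host, nearest)
    if distance <= max_distance:
        return "suspicious", "%d edit(s) from %s" % (distance, nearest)
    return "unknown", "not on allowlist, no close match"

if __name__ == "__main__":
    # Constructed sample URLs, not taken from the alert.
    for s in ("https://tickets.example.com/buy", "https://tickets.examp1e.com/sale"):
        print(s, "->", classify(s))
```

An "unknown" verdict only means the host is neither allowlisted nor a near match; it still needs the manual checks in the list above.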

 

Businesses or members of the public who wish to report to HKCERT on information security related incidents such as malware, phishing, denial of service attacks, etc. can do so by completing the online form at: https://www.hkcert.org/incident-reporting, or calling the 24-hour hotline at +852 8105 6060. For further enquiries, please contact HKCERT at [email protected].

 
