
Phishing Alert - Beware of Fake Website SMS Messages

Release Date: 16 Aug 2024

Type: Phishing


Current Status and Related Trends

During the summer vacation, there has been a marked increase in phishing websites impersonating reputable online entities such as Expedia and the Shangri-La Hotel, as well as the Water Supplies Department and the Hong Kong Police Force, with the intent to defraud. HKCERT has been using AI to proactively identify such fraudulent websites. We analyse and assess the phishing trends targeting Hong Kong, then distribute timely alerts and defensive strategies, urging the public to adopt preventive measures.

The content of fraudulent messages is diverse, and mostly concerns services and offers that the general public uses frequently. Scammers are adept at capitalizing on holiday travel needs or on common services of interest to local residents to carry out their online scams. Recently, there has been a proliferation of phishing websites using phrases such as "automatic water bill payment", "holiday travel survey" or "air ticket booking". These fraudulent sites are often linked through short URLs, which makes it harder for the public to verify the legitimacy of the links. The small screen size of mobile devices also makes it harder to notice a suspicious-looking webpage once it is opened. In addition, the general public tends to have a lower level of awareness of mobile security, which contributes to the high success rate of fraud carried out through these deceptive websites.

The following are recent examples of phishing URLs detected by HKCERT using AI:

HKCERT urges the public to increase their awareness of cybersecurity and recommends that Internet users should:

  • Check the URL: The URL of a phishing website is usually similar to the real website, but there will be slight differences, such as misspellings or using a different domain name. Users should double check the URL to ensure it is correct.
  • Pay attention to security certificates: Although phishing websites can also use the HTTPS protocol, users should still check the security lock symbol in the browser address bar and ensure that the certificate information matches the website.
  • Watch out for suspicious content: Phishing websites may contain misspellings, grammatical errors, or inconsistent design elements. These are potential warning signs.
  • Use anti-phishing tools: Use “Scameter”, the free search engine of Cyberdefender.hk, to identify fraud and network traps by checking website addresses and IP addresses, or call the Anti-Fraud Coordination Center of the Hong Kong Police Force for help through the anti-fraud hotline 18222.
  • Avoid clicking on unknown links: Don’t click on random links from unknown sources, especially links you receive in email or on social media.
  • Implement SMS spam blocking on devices:
    For Android phones, go to Settings > SMS Spam Recognition.
    For iOS phones, go to Settings > Messages > Unknown & Spam.
  • Update software regularly: Ensure operating systems and applications are kept up to date to prevent known vulnerabilities from being exploited.
  • Enable multi-factor authentication: Enable multi-factor authentication for important accounts to add an extra layer of security.
  • Education and training: Companies should provide regular cybersecurity training to employees to improve their awareness of prevention.
  • Monitor account activity: Regularly check the activity of bank accounts and other important accounts to detect suspicious behavior early.
  • Back up important data: Back up important data regularly to prevent data loss due to phishing attacks or other cyber threats.
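
The "Check the URL" advice above can be automated for links received by SMS. The following is an added example, not HKCERT's code: it flags hostnames that misspell a known domain or carry its brand name on a different domain, and marks short URLs as unverifiable until expanded. The allowlist, the shortener list and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for illustration; not taken from the alert.
KNOWN_DOMAINS = ("expedia.com", "shangri-la.com", "wsd.gov.hk", "police.gov.hk")
# Assumed sample of URL-shortener hosts.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'known', 'lookalike', 'short-url', 'unknown' or 'invalid'."""
    if "://" not in url:
        url = "http://" + url            # SMS links often omit the scheme
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    if host in SHORTENERS:
        return "short-url"               # destination hidden until expanded
    if any(host == d or host.endswith("." + d) for d in KNOWN_DOMAINS):
        return "known"
    bare = host[4:] if host.startswith("www.") else host
    for d in KNOWN_DOMAINS:
        brand = d.split(".")[0]
        if any(brand in label for label in host.split(".")):
            return "lookalike"           # brand name on a different domain
        if edit_distance(bare, d) <= 2:
            return "lookalike"           # near-miss spelling
    return "unknown"

# Constructed sample links, not URLs from the alert.
SAMPLES = ("https://www.expedia.com/trips", "https://expedla.com/survey",
           "wsd-gov-hk.example/pay", "https://bit.ly/abc123")

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):10} {s}")
```

A result of "unknown" only means the host resembles nothing on the allowlist; it is not a verdict that the link is safe.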

 

Businesses or members of the public who wish to report to HKCERT on information security related incidents such as malware, phishing, denial of service attacks, etc. can do so by completing the online form at: https://www.hkcert.org/incident-reporting, or calling the 24-hour hotline at +852 8105 6060. For further enquiries, please contact HKCERT at [email protected].

 
