Phishing Alert - Phishing Campaigns Targeting Users in Various Platforms on the Rise
Type: Phishing
Phishing Alert
Current Status and Related Trends
There is threat intelligence indicating an increasing trend of phishing attacks targeting users on various platforms.
Recently, there was a new trend of phishing campaigns targeting users on various platforms in Hong Kong. Hackers had been creating phishing websites impersonating various banks' login pages, even to impersonate HKSAR Government departments such as the Inland Revenue Department. Hackers aimed to retrieve the personal information from targeted users, such as their identity card numbers, credit card information and login credentials, etc. The two screen captures below show the phishing attack of hackers sending a phishing email impersonating the Inland Revenue Department of HKSAR Government and luring the targeted users to click and browse the phishing website. The aim was to let the targeted users input their personal information into the phishing website.
In addition, hackers had also been creating counterfeit login webpages for an instant messaging platform. Other than sending phishing SMS to launch the attacks, hackers had also been advertising the page in search engines to position at higher search engine results to lure the targeted users to enter and scan the QR code shown on the phishing site. If the user had carelessly scanned the QR code on the webpage, the hacker could access the user’s account and contact and scam their families and friends through impersonation.
Source: Google search engine results (The fake advertisement shown above had already been removed).
Below is an image depicting the phishing site, which closely resembles the WhatsApp web version. The site includes a QR code for logging in and provides users with accompanying instructions to follow.
Source: Google search engine results ( The fake advertisement shown above had already been removed).
Despite the QR code being a legitimate WhatsApp login code, it was replayed from the hacker's device. Once a user scanned the code, the hacker could gain authorised access to the user’s instant messaging account, but not the user’s device. The hacker could then retrieve extensive information and data, including photos, videos, documents, chat records, and contact book details. With this access, the hacker could assume the logged-in user's identity and send malicious messages to the families and friends, such as requesting fund transfers or purchases of "point cards". To further deceive the victim, the hacker would conceal these malicious messages within the archive folder to avoid detection.
The Hong Kong Computer Emergency Response Coordination Centre (HKCERT) urges local users to stay vigilant against the mentioned phishing attacks and reminds the public to verify the URLs of instant messaging platforms before attempting to log in. Moreover, mobile device users should not click any links from untrusted sources such as advertisements from search engines. In addition, instant messaging users should check their accounts periodically for unknown devices being linked to their accounts and monitor the archive folders in the instant messaging platforms regularly for malicious records. If there are any financial requests from families and friends through instant messaging, such requests shall be verified over the phone or in person.
Regularly checking the list via “Setting” -> “Linked devices”. Log out all unknown devices (if any) immediately.
Monitor the “archived” folders in the instant messaging platform for any malicious records.
For more information about preventive measures for phishing campaigns targeting instant messaging accounts, please visit: https://www.hkcert.org/blog/hkcert-alerts-the-public-on-preventive-measures-against-whatsapp-account-theft
HKCERT recommends that users should:
- Verify the URLs of instant messaging platforms before attempting to log in
- Should not click any links from untrusted sources, such as advertisements from search engines
- Should check their accounts periodically for unknown devices being linked to their accounts
- Monitor the archive folders in the instant messaging platforms regularly for malicious records
- If there are any financial requests from families and friends through instant messaging, such requests shall be verified over the phone or in person
- Adopt anti-phishing features in web browsers to help block phishing attacks
- Use the free search engine “Scameter” of Cyberdefender.hk to identify frauds and online pitfalls through email, URL or IP address, etc.
Related Tags
Share with