@ducklah 17 May 2023

Threat Actor

Unknown

Description

Recent phishing campaigns are actively targeting Hong Kong users. It was reported that hackers have been sending out phishing messages and creating phishing websites that pretend to be local online platforms. HKCERT has discovered and received reports that some phishing attacks were pretending to be local online shops such as HKTVmall and OpenRice, even public services such as “HKeToll” and “Voluntary Health Insurance Scheme” from the HKSAR Government. The phishing attacks aimed to steal users' credentials and collect sensitive information such as credit card and bank information.

HKCERT suggests users stay vigilant to phishing attacks and adopt the security tips as follows:

• Log in to any accounts from the official website or mobile app only;

• If you receive a suspicious email or instant message, please verify the details at the official channels. Do not provide sensitive information to any unknown senders;

• Verify the social media page of an online shop by using the social media verification badge function (such as the Blue Badge in Facebook and Instagram);

• Adopt anti-phishing features in web browsers to help blocking phishing attacks; and

• Use the free search engine “Scameter” of Cyberdefender.hk to identify frauds and online pitfalls through email, URL, or IP address, etc.