Scam Busting Tips to Avoid AI Stealing Facial Recognition Details, Getting Hold of Personal Data, Hijacking WhatsApp Account

Scam Busting Tips to Avoid AI Stealing Facial Recognition Details, Getting Hold of Personal Data, Hijacking WhatsApp Account
A few tips are on offer to help you safeguard your personal information, including your voice and recognition details, and the hacking of your WhatsApp account. Antonio Salaverry/Shutterstock
Updated:
0:00

Scam methods are becoming increasingly sophisticated. Recently, advertisements have appeared on YouTube channels suspected to be AI fabrications showing well-known people promoting products or services and ways to invest. The person’s visual appearance and sound of the voice seem correct, but they are actually fabrications.

Around three years ago, Mr. Chan, a Hong Kong resident, received an anonymous call from a person claiming to be an HSBC bank employee. The caller asserted that Mr. Chan’s PayMe mobile wallet account would be upgraded and that a verification code would be sent to his mobile phone, allowing customer confirmation for the upgrade to proceed. You might wonder why Mr. Chan believed the caller was a bona fide HSBC employee, but the caller could quote a lot of Mr. Chan’s personal details, including his full name in both Chinese and English and his ID card number. After the verification code was successfully sent to the mobile phone, the caller asked Mr. Chan to read out the verification code. Because Mr. Chan was not in any way suspicious of the caller’s credentials, he read out the verification code to the caller. Mr. Chan then assumed that this confirmation would enable the upgrade of his PayMe account.

During the evening of the same day, Mr. Chan found that nearly all the money in his PayMe account had disappeared. His account showed that numerous withdrawals were made, each withdrawal removing a few hundred dollars. The fraudster had only left some tens of dollars in his account.

It was only then that Mr. Chan realized he had been tricked. Fortunately, there was only around two thousand Hong Kong dollars in his PayMe account at the time. After reporting the incident to the police and making a statement, he notified his bank. But the money had gone, and there was no chance of the stolen amount being recovered.

In retrospect, Mr. Chan said that from now on, he would only visit his bank to receive financial help, and, that if he received a call from someone claiming to be from his bank again, he would immediately hang up the phone.

Never Disclose the ‘OTP’ or ‘Transaction Password’ to Anyone

According to police records, in June 2022, the Anti-Deception Coordination Centre (ADCC) of the Police Force said that, between January and June 2022, they had received more than 130 similar reports from Hong Kong citizens. Like the method applied to Mr. Chan, the scammer’s technique is to disguise themselves as an employee of the electronic payment platform and fraudulently take out amounts ranging from HK$40 (US$5) to HK$40,000 (US$5,200).

The police pointed out that just because a caller can reveal personal details over the phone does not mean that he or she is a bona fide company representative. Fraudsters can obtain personal details illegally, through public networks, and by utilizing security loopholes.

The police are urging the public to be vigilant when encountering such occurrences. If a call is received from someone claiming to be a PayMe employee, the relevant customer service team can be contacted directly to verify the caller’s authenticity. Additionally, one should never disclose the “one-time verification code” or “transaction password” of any e-wallet to strangers. If in doubt, call the “Anti-Scam Helpline on 18222” to check.

Several Cases of Personal Data Leaks, Not Surprising Fraudsters Get Hold of Data

There have been several cases of personal data leaks in Hong Kong recently, including Cyberport, the Consumer Council, and the Hong Kong Post. The Office of the Privacy Commissioner for Personal Data is calling on people who may be targeted to be more vigilant and consider taking all possible measures to protect their personal data. This includes changing online account passwords, enabling multi-layer authentication, watching for unusual login records in emails and accounts, being wary before disclosing personal information or before opening email attachments, and checking for any unauthorized activities in bank statements.
The ADCC stated that banks will not request any sensitive personal information via phone calls, emails, or text messages, nor will they notify bank account abnormalities through pre-recorded voice messages. Members of the public can obtain the bank’s hotline number on the bank’s website and on the back of their ATM card or credit card. They can also get the hotline number of each bank on the website of the Hong Kong Association of Banks. The safest approach is to call the phone number provided by the bank directly.

WhatsApp the Hardest Hit, Regularly Check on Connected Devices

It is often said that “there are endless ways for fraudsters to commit crimes,” and account theft is just one of them. The most recent eye-catching scam involving user account theft is the fake WhatsApp desktop version, the “WhatsApp Web” website. Once the QR code is scanned, the scammer can log in from other devices and hijack the account. The scammer can then impersonate the original users and send phishing messages to their contacts asking to borrow money.

Based on the accounts of some victims, the Epoch Times checked Google search results and found that if you search for “web whatsapp” instead of “WhatsApp Web,” the first three results all show “sponsored” websites, which are all in simplified Chinese called the “WhatsApp Chinese version—Whatsapp PC version” or “whatsapp new version—whatsapp official authorization;” but they are not the official website of WhatsApp. One of these websites, designed with a QR code, is very similar to the genuine “WhatsApp Web.” Once you scan the code, you will be taken in.

Even though none of these websites are the official WhatsApp’s website, they are all listed above the official “WhatsApp Web” website.

The police said that from August to September alone, 1,366 online account hijack cases were recorded, 96 percent of which were WhatsApp accounts, with a total loss of HK$28.2 million (US$3.2 million). In addition to hijacking personal accounts, at least five social welfare organizations and schools have become victims up to the beginning of October, according to the Office of the Privacy Commissioner for Personal Data.

Some Tips to Prevent WhatsApp Hijack

1) Set up two-layer authentication for your account Users can click “Settings > Account > Two-Layer Authentication” in the WhatsApp application to set a password. When fraudsters try to log in to your account from other devices, they will need to answer questions entered into the original registered device.
2) Check the WhatsApp connected devices Users can click “Settings > Connected Devices” in the WhatsApp application to check for connected devices. If there’s any suspicious device, they should “log out” immediately. Users should also check and log out of connected devices regularly.

WhatsApp Video Call Scam May Involve Facial Recognition Theft

AI technology has advanced rapidly in recent years. “Deepfake” technology is used to “swap faces” in videos, making it easy to simulate someone else. The police have received at least two such reports this year. One report alleges that a Hong Kong man contacted a scammer via a video call on a dating platform. The man then downloaded a mobile phone app from an unknown source. Following the download, he became a victim of an extortion attack because his face information had been integrated into a porn movie.

Another report involves a Japanese man who met someone on a social media platform. The man he met claimed to be the CEO of a bank in Hong Kong. The new contact uploaded a clip of a foreign TV station purportedly interviewing him. He then asked the Japanese man to buy a Stored-value card (SVC). The Japanese man, however, became suspicious and made an inquiry at the bank where the “CEO” supposedly officiated. The Japanese man discovered that although the “CEO” online looked like the CEO in the video clip, his face had been “swapped” in the clip.

In recent months, many netizens have reported receiving WhatsApp video calls from unknown sources. IT experts advise internet users to avoid answering video calls from unknown sources. When a connection is made on a video call, scammers can obtain the other party’s face and voice information. Using AI technology, the collected personal data can be synthesized with additional video footage by the scammer to produce fraudulent and incriminating evidence.

Related Topics