Scam methods are becoming increasingly sophisticated. Recently, advertisements have appeared on YouTube channels suspected to be AI fabrications showing well-known people promoting products or services and ways to invest. The person’s visual appearance and sound of the voice seem correct, but they are actually fabrications.
Around three years ago, Mr. Chan, a Hong Kong resident, received an anonymous call from a person claiming to be an HSBC bank employee. The caller asserted that Mr. Chan’s PayMe mobile wallet account would be upgraded and that a verification code would be sent to his mobile phone, allowing customer confirmation for the upgrade to proceed. You might wonder why Mr. Chan believed the caller was a bona fide HSBC employee, but the caller could quote a lot of Mr. Chan’s personal details, including his full name in both Chinese and English and his ID card number. After the verification code was successfully sent to the mobile phone, the caller asked Mr. Chan to read out the verification code. Because Mr. Chan was not in any way suspicious of the caller’s credentials, he read out the verification code to the caller. Mr. Chan then assumed that this confirmation would enable the upgrade of his PayMe account.
During the evening of the same day, Mr. Chan found that nearly all the money in his PayMe account had disappeared. His account showed that numerous withdrawals were made, each withdrawal removing a few hundred dollars. The fraudster had only left some tens of dollars in his account.
It was only then that Mr. Chan realized he had been tricked. Fortunately, there was only around two thousand Hong Kong dollars in his PayMe account at the time. After reporting the incident to the police and making a statement, he notified his bank. But the money had gone, and there was no chance of the stolen amount being recovered.
Never Disclose the ‘OTP’ or ‘Transaction Password’ to Anyone
According to police records, in June 2022, the Anti-Deception Coordination Centre (ADCC) of the Police Force said that, between January and June 2022, they had received more than 130 similar reports from Hong Kong citizens. Like the method applied to Mr. Chan, the scammer’s technique is to disguise themselves as an employee of the electronic payment platform and fraudulently take out amounts ranging from HK$40 (US$5) to HK$40,000 (US$5,200).The police pointed out that just because a caller can reveal personal details over the phone does not mean that he or she is a bona fide company representative. Fraudsters can obtain personal details illegally, through public networks, and by utilizing security loopholes.
Several Cases of Personal Data Leaks, Not Surprising Fraudsters Get Hold of Data
There have been several cases of personal data leaks in Hong Kong recently, including Cyberport, the Consumer Council, and the Hong Kong Post. The Office of the Privacy Commissioner for Personal Data is calling on people who may be targeted to be more vigilant and consider taking all possible measures to protect their personal data. This includes changing online account passwords, enabling multi-layer authentication, watching for unusual login records in emails and accounts, being wary before disclosing personal information or before opening email attachments, and checking for any unauthorized activities in bank statements.WhatsApp the Hardest Hit, Regularly Check on Connected Devices
It is often said that “there are endless ways for fraudsters to commit crimes,” and account theft is just one of them. The most recent eye-catching scam involving user account theft is the fake WhatsApp desktop version, the “WhatsApp Web” website. Once the QR code is scanned, the scammer can log in from other devices and hijack the account. The scammer can then impersonate the original users and send phishing messages to their contacts asking to borrow money.Based on the accounts of some victims, the Epoch Times checked Google search results and found that if you search for “web whatsapp” instead of “WhatsApp Web,” the first three results all show “sponsored” websites, which are all in simplified Chinese called the “WhatsApp Chinese version—Whatsapp PC version” or “whatsapp new version—whatsapp official authorization;” but they are not the official website of WhatsApp. One of these websites, designed with a QR code, is very similar to the genuine “WhatsApp Web.” Once you scan the code, you will be taken in.
Even though none of these websites are the official WhatsApp’s website, they are all listed above the official “WhatsApp Web” website.
Some Tips to Prevent WhatsApp Hijack
1) Set up two-layer authentication for your account Users can click “Settings > Account > Two-Layer Authentication” in the WhatsApp application to set a password. When fraudsters try to log in to your account from other devices, they will need to answer questions entered into the original registered device.WhatsApp Video Call Scam May Involve Facial Recognition Theft
AI technology has advanced rapidly in recent years. “Deepfake” technology is used to “swap faces” in videos, making it easy to simulate someone else. The police have received at least two such reports this year. One report alleges that a Hong Kong man contacted a scammer via a video call on a dating platform. The man then downloaded a mobile phone app from an unknown source. Following the download, he became a victim of an extortion attack because his face information had been integrated into a porn movie.Another report involves a Japanese man who met someone on a social media platform. The man he met claimed to be the CEO of a bank in Hong Kong. The new contact uploaded a clip of a foreign TV station purportedly interviewing him. He then asked the Japanese man to buy a Stored-value card (SVC). The Japanese man, however, became suspicious and made an inquiry at the bank where the “CEO” supposedly officiated. The Japanese man discovered that although the “CEO” online looked like the CEO in the video clip, his face had been “swapped” in the clip.
In recent months, many netizens have reported receiving WhatsApp video calls from unknown sources. IT experts advise internet users to avoid answering video calls from unknown sources. When a connection is made on a video call, scammers can obtain the other party’s face and voice information. Using AI technology, the collected personal data can be synthesized with additional video footage by the scammer to produce fraudulent and incriminating evidence.
