Suara Malaysia
ADVERTISEMENTFly London from Kuala LumpurFly London from Kuala Lumpur
Monday, November 25, 2024
More
    ADVERTISEMENTFly London from Kuala LumpurFly London from Kuala Lumpur
    HomeTechHong Kong sees drop in email phishing, but cybersecurity still lacking

    Hong Kong sees drop in email phishing, but cybersecurity still lacking

    -

    Fly AirAsia from Kuala Lumpur

    Hong Kong recorded a significant drop in the number of email phishing cases in the first five months of this year, but police have warned public awareness of cybersecurity is still lacking as employees at most companies that took part in an anti-scam drill clicked on dubious links.

    The city logged 71 email phishing cases in the first five months of 2023, a 54.2% drop compared with the same period last year, police revealed on Monday.

    The amount lost totalled HK$50.9mil (RM29.66mil), accounting for an 87.4% decline over the same period in 2022.

    (From left) Wong Ka-wai, Hong Kong Internet Registration Corporation CEO; Senior Superintendent Raymond Lam; Sean Lee, CEO of China Mobile Hong Kong; and Senior Inspector Ng Pak-wai. Photo: Yik Yeung-man

    The drop follows a downward trend recorded since 2019, when 816 incidents were reported to authorities, representing an 8.7% decline compared with 2018. Losses amounted to HK$2.54bil (RM1.48bil) in 2019, marking a 48% rise over the previous year.

    Only 391 cases surfaced in 2022, with losses totalling HK$750mil (RM437.13mil).

    Senior Superintendent Raymond Lam Cheuk-ho at the police’s cybersecurity and technology crime bureau attributed the downward trend to improved mail filtering tools, better public awareness and stricter requirements for opening company bank accounts.

    “Phishing emails targeting firms will pretend to be from the receivers’ managers or business partners, and tell them to send money to bank accounts controlled by scammers,” he said.

    “To make it more trustworthy, scammers tend to open some company accounts, but banks have tightened the requirements for opening company accounts and stepped up inspections on applicants, which has made it more difficult for scammers to have accounts, and in return, decreased the number of phishing email scams.”

    ALSO READ:  MCMC and MyCC enhance collaboration on communication competition.

    The force and the Hong Kong Internet Registration Corporation, the government-designated domain registration service provider in the city, co-organised a phishing email drill involving 10,326 employees from 186 companies which took place between May and June this year.

    During the drill, police sent five fake phishing emails to each employee that involved online meeting invites, an AI chatbot subscription, passcode and email verification requests and questionnaires from food delivery platforms.

    Authorities have recorded a downward trend in the number of phishing cases since 2019. Photo: Shutterstock Images

    Participants were notified about the drill and cybersecurity resources after clicking on the “phishing links”.

    A total of 1,645 participants, or 15.9%, clicked at least one of the links, while at least one employee at 114 companies, or 61.6%, opened them.

    Most of the duped participants fell for the online meeting invites, with 7.3% clicking on them, followed by the AI chat bot subscription and passcode verification requests from IT, which both had a click rate of 5.6%.

    “We found there was still some room for improvement when it came to cybersecurity awareness, as 61.6% is not a small figure,” said Wong Ka-wai, chief executive officer of the Hong Kong Internet Registration Corporation.

    Wong added some companies saw more than half of their employees falling for the fake scam, while the worst-performing participant clicked on all five emails.

    In a drill held last year that involved 3,175 employees from 61 firms, 34.6% of participants and 78.9 % of firms were “phished”, according to the force.

    Police reminded the public not to click links in emails from unidentified senders and to check for discrepancies in email addresses, such as replacing the lower case letter “l” with the number “1” or using “0” for “O”.

    ALSO READ:  JPDP to investigate alleged hacking incident on local Misi Rakyat website

    The force also urged residents to use its “Scameter” to check for phishing risks embedded in a URL.

    When a URL is pasted into the Scameter, the system will check it against the force’s database of phishing links.

    But police acknowledged that the database relied on cases reported by victims, adding that it would try to develop an upgraded system with the use of AI to check the credentials of email addresses and registration of URLs.

    “With an upgraded Scameter app, when users visit some suspicious websites, an alert will pop up to warn them of the risks of those websites,” said Lester Ip Cheuk-yu, chief inspector at the bureau.

    “Residents may find it troublesome to report a suspicious link or message to police. We are also trying to develop a reporting platform by the end of this year, where they can conveniently report links and messages to us.” – South China Morning Post


    Credit: The Star : Tech Feed

    Wan
    Wan
    Dedicated wordsmith and passionate storyteller, on a mission to captivate minds and ignite imaginations.

    Related articles

    ADVERTISEMENTFly London from Kuala Lumpur

    Subscribe to Newsletter

    To be updated with all the latest news, offers and special announcements.

    Latest posts