Police sound alarm over rise in scams tied to WhatsApp
Resurgence of fraud in first quarter led to losses exceeding HK$20m, cybersecurity bureau says
Police have warned of a resurgence of scams involving fraudsters hijacking victims’ WhatsApp and other messaging accounts, with losses exceeding HK$20 million in the first quarter of this year.
The force’s cybersecurity and technology crime bureau called the spike “worth the public’s concern” and pledged to combat the trend by pursuing more intelligence-driven operations, fostering international cooperation and stepping up education.
The bureau recorded 864 cases between January and last month where users had their messaging accounts hijacked, resulting in losses of HK$20.4 million. More than 90 per cent of the cases involved WhatsApp accounts.
“We saw a gradual drop in cases after police intensified enforcement and publicity efforts [since late last year]. But we discovered cases showed signs of a resurgence recently,” Senior Superintendent Leung Oi-lam told a press briefing.
Police noted that between August and December there were 3,137 cases involving the hijacking of messaging accounts, with scammers stealing more than HK$65 million.
The number of cases a month had fallen to double digits towards the end of last year, prompted by police stepping up efforts to combat scammers.
But cases have increased again this year, rising from 99 in January to 207 in February, before reaching 558 last month. All but one of the incidents in March involved WhatsApp accounts, with the other linked to the Telegram platform.
The single biggest loss was recorded in February, when a businessman in the dining industry was tricked into transferring HK$1.48 million to scammers.
“The methods adopted by online fraudsters recently are actually nothing new,” the bureau’s Chief Inspector Leung Yee-tak said.
He said scammers usually pretended to be customer service officials for WhatsApp, sending phishing messages with fake websites that asked users to submit their phone numbers and inputting a code granting the swindlers access.
Once the swindlers had access, they would target people on the users’ contact lists, posing as their relatives or friends asking for money and hijacking more accounts to repeat the cycle, he said.
“Police have also noticed that the fake websites have undergone multiple variations due to the low cost of registering a domain,” Senior Superintendent Leung said, adding more than 300 fraudulent links were found in the first quarter.
Gan Kok-tin, from cybersecurity and privacy practice at accounting firm PwC, said scammers could also access users’ accounts if victims logged onto fake websites appearing on search engine results with the “sponsor” tag.
Gan, who took part in the police briefing, said differences between WhatsApp’s real page and fake ones included where the logo was placed and missing words on the phoney sites or their link text.
Chief Inspector Leung said: “There are actually no specific targets by these scammers. They just send out mass messages. So if victims are not careful enough, they will fall prey to this kind of scam.”
He said most victims had told police they had little knowledge about some of the deceptive techniques employed by fraudsters.
Asked whether anyone had been arrested for the cybercrimes in the past three months, Leung said the force had no such data. He also pointed to the low detection rates for technology-related crimes over the past 10 years, ranging from 7.6 per cent to 17.4 per cent.
He said the main reason for the low detection rate was that many of the websites and social media platforms residents commonly used involved overseas service providers, which had not been able to provide sufficient help to police investigations.
“Police will continue to engage in close collaboration with law enforcement agencies and stakeholders from various jurisdictions, focusing on intelligence-led initiatives to undertake coordinated cross-border operations,” Leung said.
The chief inspector urged residents to remain vigilant and make good use of anti-fraud tools provided by the force, including the “Scameter” search engine and mobile app, to check for suspicious or fraudulent activity.
The Scameter mobile app has been downloaded more than 390,000 times with over 3 million searches, according to police.