Gallery
Fake Corporate Finance (D.T.C.) Limited website hi-res
Real Corporate Finance (D.T.C.) Limited website hi-resUpdated: 04th May 2016
In a PDF dated 29 April 2016, Corporate Finance (D.T.C.) Limited has issued a warning about a fraudulent website, www.cfdtcltd.hk, using their name, saying they had reported the incident to the Hong Kong Monetary Authority (HKMA) and the Police. The HKMA issued a press release about the incident on 3rd May 2016. The fraudulent website remained active at the time of writing.
Victims should contact Corporate Finance (D.T.C.) Limited at (852) 2832 0180 Gloria Yu and the Cyber Security and Technology Crime Bureau of the Hong Kong Police Force at 2860 5012.
Two features stand out in this incident: the inconsistent attention to detail in the fraud and the delay in effective action by the authorities.
The objective of the fraudulent site appears to be capturing customer login credentials, there is a prominent link to an "Online Banking Portal" that collects the account number and password. Comparing the real and fake websites, it is difficult to believe that any customer would be fooled. The real site is in Chinese, with no English, and the fake site is in English with no Chinese, and the corporate branding is entirely different. However, the contact details of the fake site use the real Company Registration number of Corporate Finance (D.T.C.) Limited and a likely Hong Kong address. Why did the fraudster bother to get details that most people wouldn't check correct, and neglect to copy the corporate branding? This suggests that the fraudster was doing the same for a large number of financial companies, perhaps working from a list that provided the names and registration numbers. The email address provided in the whois record for the cfdtcltd.hk domain is jp-morgan0110@outlook.com, which suggests the domain owner was also involved with a scam targeting JP Morgan customers. If this is the case, there may be many more fraudulent .hk domains registered by the same person, and HKIRC should investigate the holding account, HK5017218T and consider suspending any domains found to be suspicious.
Assuming Corporate Finance (D.T.C.) Limited issued their warning on 29 April, and the GIF of the warning on their website has the modification timestamp, "Friday, April 29, 2016 PM05:41:17 HKT", so the claim appears to be true, then why did it take HKMA four days to issue their warning, and why is the domain still accessible, when it is a .hk domain that HKIRC has the capability of suspending? Also, the whois record for the domain reveals it was registered on 12-10-2015, so it is likely that the fraudulent site has been operating for half a year. There is clearly a lot of room for improvement in responding to online fraud.
