First published: 03rd October 2016
The Hong Kong Monetary Authority (HKMA) and the Bank of China (Hong Kong) (BOCHK) have issued warnings about phishing emails targeting the bank's customers. The email, supposedly from firstname.lastname@example.org, instructs customers to follow a link (http://bocn-hks.com/home/) to a fake BOCHK homepage where a "login" link leads to a page asking for the account number and PIN.
Victims should call the BOCHK Customer Service Hotline at (852) 3988 2388 and the Cyber Security and Technology Crime Bureau of the Hong Kong Police Force at 2860 5012.
BOCHK advised its customers that it would not send out emails or SMS messages, or call customers asking them to call back or log into the website/Mobile Banking for a system upgrade, or to provide or verify their personal information (including their passwords). It also advised customers to type the web site address of BOCHK (www.bochk.com) into the browser address bar, or download the BOCHK Mobile Application from official App stores or trustworthy sources. Customers should not access their accounts or provide their personal information (including passwords) through links or attachments embedded in emails or from websites.
Allan Dyer, Chief Consultant of Yui Kee Computing Ltd., asked, "Why didn't BOCHK advise customers to use TLS, with https:// on the link, and check the certificate? This would give customers additional assurance that they had connected to the real BOCHK website."
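The checks described above can be automated for links extracted from an email. The following Python sketch is an added example, not code from BOCHK, the HKMA or Yui Kee: it flags a link that is not HTTPS or whose host is not the bank's own domain, and marks near-matches of the brand name. Treating `bochk.com` as the official registrable domain, the 0.7 threshold and all function names are assumptions.

```python
from __future__ import annotations

from difflib import SequenceMatcher
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "bochk.com"  # assumption: registrable domain of www.bochk.com
BRAND_LABEL = OFFICIAL_DOMAIN.split(".")[0]
LOOKALIKE_THRESHOLD = 0.7      # assumption: tune against real mail traffic


def is_official(host: str) -> bool:
    """True only for the official domain itself or one of its subdomains."""
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)


def brand_similarity(host: str) -> float:
    """Highest similarity between any DNS label of host and the brand label."""
    return max(SequenceMatcher(None, label, BRAND_LABEL).ratio()
               for label in host.split("."))


def assess_link(url: str) -> list[str]:
    """Return the findings for one link taken from an email body."""
    parts = urlsplit(url)
    # .hostname drops userinfo and port and lowercases the name, so text
    # placed before an "@" in the URL is never mistaken for the host.
    host = (parts.hostname or "").rstrip(".")
    findings = []
    if parts.scheme != "https":
        findings.append("no-tls")
    if not host:
        findings.append("no-host")
    elif not is_official(host):
        findings.append("not-official-host")
        if brand_similarity(host) >= LOOKALIKE_THRESHOLD:
            findings.append("lookalike")
    return findings


if __name__ == "__main__":
    # The first URL is the one reported in the warning; the rest are constructed.
    for url in ("http://bocn-hks.com/home/", "https://www.bochk.com/",
                "https://www.bochk.com@bocn-hks.com/home/"):
        print(url, assess_link(url))
```

An `https://` scheme on its own does not identify the site; the host comparison is what ties a link to the bank's domain, which is also what a certificate check confirms.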