Your Peace of Mind is our Commitment

Contact Us English Recent Articles

Phishing Attack Aimed at Hong Kong Taxpayers

First published: 24th May 2018

Phishing emails claiming to be from Hong Kong's Inland Revenue Department (IRD) have been received by a number of people in Hong Kong.

The message, with sender's address referred to changes in the 2018-2019 budget, and asked the recipient to update their tax information using the attached pdf. The attached pdf, called UPDATE-TAX.pdf, uses the same design as the real IRD website, and has a "Log In" button which is a link to . The web page also copies the IRD website, and a log in form asking for email address and password. If details are entered, the fake page redirects to the real IRD page.

This is the second incident this year involving an IRD-branded phishing attack, the first, at the beginning of March, claimed to offer a tax refund. The fraudulent messages could have been prevented from reaching at least some recipients if the Hong Kong Government had changed its SPF policy to '-all', a hard fail, as recommended in our previous article.


IRD phishing emailIRD phishing email hi-res
IRD phishing PDF attachmentIRD phishing PDF attachment hi-res
Fake IRD webpageFake IRD webpage hi-res

More Information