What you need to know as phishing events in Hong Kong hit record high
By Billy ChuangChances are that over the last few months, you have more than likely received an email from a friend to redeem some type of reward through a link and something just doesn't seem quite right. Does this sound familiar? Well, welcome to the era of phishing.
Regina Ip, lawmaker and former security minister of Hong Kong, revealed earlier this year that HK$500,000 was transferred from her bank account after she had opened an email attachment sent from her friend, who was actually a victim of phishing.
Only recently, five Hong Kong-based banks reported fraudulent emails purporting to be related to their companies – that works out to be one to two attacks per week!
For those who aren't sure of what this is – phishing is a malicious attempt to trick unsuspecting users into volunteering information, often with fraudulent websites or emails.
A recent example of this is through the spear-phishing attack that was reported by Ashley Madison – an online dating service and social networking service for married users, where hackers stole 36 million records from the company and members can be vulnerable to click on emails that threaten to publicise their membership online unless they pay a ransom.
Some commonly used phishing tactics include key-logging, form-grabbing, and other spyware. Meanwhile, there has been growth in the use of counterfeit websites designed to look like legitimate log-in pages.
In Hong Kong, it has been reported that the number of phishing events increased dramatically by 168% to a record-high 7,836 in Q2 2015, according to the Hong Kong Computer Emergency Response Team Coordination Centre. This is concerning considering that the government has warned the wider public to take extra precaution with security in 2015.
It seems that even though more incidences are being reported, people seem to be more focussed on getting access to information via the Internet and discarding the red flag with potential security breaches of data and their own personal information by hackers.
A similar red flag can be seen for large companies such as the Sony Pictures Entertainment hack last year that started with phishing emails targeting the company's employees. The impact on its business is evident with the financials for Q1 2015 stating the entertainment giant had to set aside USD$15 million to deal with ongoing damages from the data breach.
Consumers need to start taking the right steps to protect their data and personal information against phishing or open themselves up to reputational or financial loss. Companies, institutions, and agencies alike should also educate employees to avoid clicking links in emails and instead, enter web addresses directly.
Users should also stay alert when websites ask for personal information or credentials, as the attacks have become progressively more sophisticated making one-time passwords an insufficient approach to ensure data security.
A key takeaway here for both individuals and organisations is to proactively implement security measures to safeguard the information sitting behind Internet facing apps to protect their customers and employees from cybercrime and long-term financial losses.
These types of precautions can be simply through using a multi-layered approach to enterprise security, for example, detection of abnormal web performance with web fraud protection or two-factor authentication with banking transfers or online purchases.