Local phishing websites up 524% QoQ in Q2

This translates to over 5,000 unique domains.

The number of local phishing websites in Hong Kong rose 524% QoQ in Q2, a report by the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) revealed.

This means there were 5,033 unique domains or URLs that have been involved in phishing events from April to June.

According to the report, phishing is a form of social engineering attack by impersonating a known associate or a legitimate website to defraud.

"Phishing attacks are mostly launched via emails or instant messages. These days the attacks will combine different techniques such as fake QR code, chatbot, exploitation of system vulnerability, that aim to lure their victims into providing sensitive information or installing malware," the report said.

READ MORE: Bill strengthening Hong Kong’s cybersecurity underway

HKCERT said most of the phishing sites which popped up in Q2 were similar, meaning hackers may have "used automated tools to generate and register a large number of domains and set up phishing websites in a short period."

"As phishing attacks become rampant, apart from raising the awareness of employees to identify the characteristics of such attacks, a comprehensive incident response procedure also plays an important role in case of any unsuspecting employee falling victim to them," the report said.

Apart from phishing, the report said there has also been a rise in other security-related events involving bots (+21% QoQ). 

Overall, security-related events rose 94% YoY in Q2.