HKCERT Security Tips: Beware of Fake Chatbot Phishing Attacks

(Hong Kong, 2 June 2022) Phishing attacks remain rampant: the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) of the Hong Kong Productivity Council received over 1,200 such incident reports in the first five months of this year. Earlier, it also warned that phishing attacks will become more diverse in the future. Besides arriving through emails or instant messages, they will also combine voice, Deepfake and QR codes to make the scam look more legitimate. According to a recent report by U.S. email security companies Agari and PhishLabs, vishing (voice phishing) cases in Q1 2022 went up almost 550% compared with the same period in 2021. Everyone should stay alert to these kinds of attacks.

In addition, another U.S. cyber security company, Trustwave, recently reported an attack using a fake chatbot. It was combined with a fake Captcha security mechanism to steal the victim’s email, address, credit card information and SMS one-time password at the same time. The attack proceeds as follows:

(1) The victim receives a phishing email in the name of a well-known logistics company with a link to a fake website;

(2) After the victim enters the website, a chatbot tells the victim that a label on the parcel is damaged and asks for the delivery address;

(3) It tricks the victim into entering the email address and portal address after showing a fake Captcha security check to boost credibility; and

(4) Ultimately, it redirects the victim to a fake website to capture the credit card information as well as the SMS one-time password.
