RegStream

Date: 16 January 2025 

Fraud Enquiries Soar by Over 40%

Privacy Commissioner’s Office Offers Six Tips to Prevent Fraud

The Office of the Privacy Commissioner for Personal Data (PCPD) received 1,158 enquiries relating to suspected personal data frauds in 2024, which represented an increase of 46% when compared to 793 similar enquiries in 2023. The PCPD also noted the emergence of various types of scams, all of which aimed at swindling citizens out of money and/or personal data. These include:  

Fraudulent Recruitment Advertisements Scams

Fraudsters would take advantage of the victims’ desire to pursue work opportunities abroad or earn quick money by using fraudulent online recruitment advertisements to lure them into providing their personal data for engaging in unlawful activities. Some of them had even been lured to cities in Southeast Asia, where they were detained and forced to carry out fraudulent work.

Scams Using Instant Messaging Applications (Apps)

Recently, scams involving the hijacking of accounts on instant messaging apps reappeared. The scammers hijacked the victims’ accounts and impersonated them to send messages to the contacts contained in their address books, aiming to swindle the victims out of money and/or personal data.

Scams by Counterfeit Customer Service Agents/Online Auction Platforms

Fraudsters impersonated customer service agents of e-wallets or banks and fraudulently claimed that the victims’ insurance policies had expired and that monthly premiums needed to be paid. When the victims indicated that they did not have the relevant insurance policies, fraudsters would pretend to help them cancel the policy to avoid the deduction of premiums, and then enticed them to provide information on their bank accounts, the amount of money deposited, and their personal data. Finally, they would ask the victims to transfer all of their money to a designated account for “account unlocking”.

Fraudsters first posed themselves as buyers on online auction platforms and claimed to have paid through the payment function of the relevant platforms. They then contacted the victims by email, posing as the platform, to solicit their personal data, online bank account names, passwords and one-time passwords, etc. in order to receive the payment, with a view to transferring the victims’ bank deposits.

SMS/Email Scams

Fraudsters sent out phishing SMS, falsely claiming that victims’ reward points were about to expire under membership reward schemes. They induced the victims to click on the embedded hyperlinks, which led them to fraudulent websites to redeem rewards so that the fraudsters could obtain the victims’ credit card information and personal data.

Fraudsters pretended to be government officials, government departments or public bodies and disseminated fake messages through instant messaging apps or fraudulent emails to deceive people for money and/or personal data.

Telephone Scams

Fraudsters called victims in the form of pre-recorded voice messages (including Putonghua voice messages), falsely claiming that they were staff of courier companies or law enforcement officers from the Mainalnd and the victims were involved in criminal cases. They then forwarded the calls to other bogus Mainland law enforcement officers, who showed the victims forged wanted warrants. Fraudsters would then ask the victims to provide personal data (e. g. online banking usernames and passwords) or transfer money to designated bank accounts as guarantee money.

Scam Videos Using Artificial Intelligence (AI) Deepfake Technology

Fraudsters manipulated public footages, used the photos or audio recordings of government offcials or celebrities to produce videos using AI deepfake technology to deceive people into investing in fake investiment schemes.

Fraudsters obtained the biometric data of other people, such as their facial images and voice, through social media, video calls or online public footages, to create videos using deepfake technology and impersonated victims’ friends, relatives or colleagues, or pretended to be interested in developing a relationship with the victims, to swindle money and/or personal data.

Scams on Social Media Platforms

Fraudsters created fake pages on social media platforms pretending to be selling Lunar New Year products, investment or travel agencies and advertised special offers, attracting victims to click on the hyperlinks to make enquiries in order to defraud them of their money and/or personal data.

As the Year of the Dragon draws to a close, the Privacy Commissioner for Personal Data (Privacy Commissioner), Ms Ada CHUNG Lai-ling, appeals to members of the public and organisations to be aware of various forms of fraudulent tricks, particularly those involving fraudulent recruitment advertisements and AI deepfake technology, and offers six tips to safeguard personal data privacy:

Be vigilant: Think twice before providing any personal data, verify the purpose of collection of such data and whether it is mandatory to provide them. Do not disclose personal data to others arbitrarily, avoid clicking or scanning suspicious links and QR codes, and do not log into any suspicious websites;

Authenticate the identity of callers: Even if the caller makes a video call or can provide your personal data, if you are in doubt about their identity, you should verify the authenticity of the caller or relevant organisations through other contact methods;

Keep an eye on your accounts and transaction records: Regularly check online banking for any unusual log-in activities, unauthorised transfers or transactions in your bank accounts or credit cards;

Password protection: Change the passwords of online banking accounts from time to time and enable two-factor authentication (if available). Never share passwords with anyone;

Smart use of social media and instant messaging apps: Minimise the sharing of biometric data, such as portrait photos and videos, on social media platforms and instant messaging apps, and review the relevant default security and privacy settings; and

Fraud prevention information: Pay attention to the fraud prevention information published by the PCPD, the Police or relevant organisations. Share the information with friends and relatives (especially the elderlies and youngsters) to enhance their awareness of fraud prevention.

Anyone who suspects that his/her personal data has been leaked may make enquiries or lodge complaints with the PCPD (“Personal Data Fraud Prevention Hotline”: 3423 6611 or email: communications@pcpd. org. hk). If there is any suspicion of fraud on personal data which involves criminal offence(s), they should immediately report the case to the Police. Citizens may also visit “Scameter” (https://cyberdefender. hk/en-us/scameter/) to check suspicious phone numbers, email addresses and websites, etc.

The Privacy Commissioner, Ms Ada CHUNG Lai-ling, appeals to members of the public and organisations to be aware of various forms of fraudulent tricks, particularly those involving fraudulent recruitment advertisements and AI deepfake technology. -End-