Hong Kong people should take stronger ownership on personal data and stay vigilant against social engineering traps which have become increasingly rampant in the online space.
That was a key message of a new HSBC survey which revealed that over 80% of Hong Kong’s population have been the target of attempted fraud. Among these fraud targets, 26% have fallen prey to scams and suffered an average financial loss of HK$3,800.
Andrew Eldon, head of Digital, Wealth and Personal Banking, Hong Kong, HSBC, said: “The findings align with our observation that Hong Kong people have increasingly adopted a digitised lifestyle, whether it be shopping online or finding a soulmate.”
He attributes the increased success of these scams to more people spending time online as a result of the COVID-19 outbreak. “It also makes them more susceptible to scams, especially those associated with the use of social engineering techniques to manipulate victims and get them to share personal information or make a money transfer,” he added.
Fraudsters milking COVID-19
Romance and digital payments scams caused the heftiest monetary loss, swindling an average of HKD4,100 (the highest among all fraud scenarios) and HK$2,500 respectively from victims.
Overall, 26% of surveyed population were the target of attempted digital payment scams, which eventually victimised 13% of survey respondents, the highest among all fraud categories. When it comes to romance scams, one in three respondents have been the fraud targets, with 7% of surveyed population suffering a financial loss.
The survey finds that bogus calls (72% and scammers impersonating officials (64% are the top two most common scams in Hong Kong, having tricked over HKD1,000 on average from one in ten of the survey respondents.
It is worth noting that social engineering techniques are commonly used in many of the fraud situations, whether it be developing a romantic relationship with victims or exploiting human tendency of obeying authority figures.
Beyond just money
While not all respondents have suffered from monetary loss, the survey indicated a general negligence among victims, who have put themselves at risk by casually sharing personal and banking related information.
To put it into context, a fraudster only needs to collect a combination of personal information – online banking credentials (i.e. username and passwords), recent photos, one-time password (OTP), date of birth, email address and HKID – in order to complete a fraud transaction.
The survey emphasises that two key pieces of information - online banking credentials and OTP should never be shared with unverified individuals. Sharing either of these can double the risk of fraud. Interestingly, 48% of respondents shared OTP with other parties during the last 12 months, while 38% provided their online banking credentials.
Demographics of victims
By age categories, Gen Z (18-24 years old) respondents appear to be digitally knowledgeable but more vulnerable to digital payments and jobs scams, in which they have a stronger tendency to share important personal information.
Gen Y (25-39 years old) are more prone to romance scams because of their willingness to share HKID, OTP and bank account numbers with their online partner. Gen X (40-55 years old) are more easily victimised by impersonation scams and bogus calls.
Eldon concluded: “Fraud is as prevalent as it is preventable. It is important to check the identity of whom you are interacting with and think twice before sharing any personal information or making a money transfer. By offering your information, you will leave your digital footprint and create a weak link for fraudsters to pull social engineering techniques on you. It is also too late for a U-turn once you have initiated a money transfer.”