Cyber criminals continue to prey on websites with unpatched vulnerabilities and ill-protected point of sale (POS) systems to steal credentials such as personal data, credit card numbers and bank account details.

Common methods to be aware of

Fraudsters are known to use methods most commonly associated with their victim’s normal business practices - wire transfers in most cases, cheques in others. Intrusions are facilitated through a phishing scam in which a victim receives an email from a seemingly legitimate source that contains a malicious link. When the victim clicks on the link, it downloads malware, allowing the criminals unrestricted access to data, including passwords or financial account information.

Fraudsters also contact companies by email or phone pretending to be lawyers or representatives of law firms claiming to handle confidential or time-sensitive matters. Organizations and Internet users should be vigilant in strengthening their guard against the anticipated surge in cyber attacks targeting web servers, POS systems and mobile devices.

It is predicted that extortion via DDoS (distributed denial-of-service) and Ransomware will also flourish as cyber criminals are increasingly offering paid ransomware services (complete with kits for attacks on different operating systems) and managing ransom payments.

Prevention

  • Regularly assess web server security; patch any security loopholes
  • Isolate POS systems from open network to limit attack avenues
  • Regularly backup data; keep an offline copy to minimize risks of ransomware
  • Carefully scrutinize all email requests for transfer of funds to determine legitimacy
  • Know the habits of your customers, including the details of, reasons behind, and amount of payments
  • Be wary of unsolicited software or hyperlinks, and abnormal requests for credential data or change of payment account details
  • Individuals need to take steps to protect mobile devices

Computer Crimes Ordinance in Hong Kong

The main piece of legislation in Hong Kong which has been introduced against computer related crime is the Computer Crimes Ordinance. Enacted in 1993, it has, through amending the Telecommunications Ordinance (Cap. 106), Crimes Ordinance (Cap. 200) and Theft Ordinance (Cap. 210), created some new offences and broadened the coverage of existing offences, as follows:

Related Crimes - Hong Kong

Click here to view table.

Source: www.infosec.gov.hk/english/ordinances/corresponding.html

Computer crime in Hong Kong

The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) handled 4,928 security incident reports in 2015, up 43% from 2014. Phishing (1,978 cases) powered the surge, with an increase of 233%, as a result of new “flash” phishing attacks (1,375 cases, or 69% among phishing) that were launched using local web hosting services as cover. Incidents relating to mobile devices also rose by 86% to 286 cases. 

Click here to view image.

BEC Scams in the United States - US$798 million and counting

Business E-mail Compromise (BEC) scams continue to grow and evolve targeting businesses of all sizes. The FBI’s Internet Crime Complaint Center (IC3) reported a 270 percent increase in identified victims and exposed loss since January 2015. The scam has been reported in all 50 states and in 79 countries. Fraudulent wire transfers were sent to 72 countries, with the majority of transfers going to Asian banks located in China and Hong Kong.

The IC3 reports that from October 2013 to August 2015, BEC scams claimed 8,179 individual victims (7,066 in the U.S. and 1,113 non-U.S.) with a total exposed loss of US$798,897,959.25. Similar incidents identified by international law enforcement agencies during the same period bring the BEC exposed loss to over US$1.2 billion. 

Read our previous QuickStudy on Wire Transfer Fraud for practical advice for organizations and individuals as to the steps to take for recovery of stolen funds. Time is of the essence.