Scammers have cheated more than 100 Hongkongers out of HK$2.2 million (US$283,000) since November through phishing text messages and emails purporting to be from Hongkong Post, while demand for delivery services during the coronavirus pandemic surged.
Many of the fake messages told victims they had a parcel delivery pending but the recipient address was incomplete, according to the police’s cybersecurity and technology crime bureau. Scammers then directed victims to a controlled website and asked for a postal fee of a few dollars.
“Scammers were not after such a small amount of money, but instead the credit card details provided by the victims,” Superintendent Terry Cheung Tin-lok said on Tuesday. “Then the culprits used the stolen data to go shopping.”
Police had received reports from 120 victims who had lost a total of HK$2.21 million since November. In the single largest case, a 39-year-old man lost HK$75,000 in January after falling for a trap similar to the phishing email scam. Not knowing who had sent the parcel, the victim paid the “delivery fee” with his credit card. The next day he received a call from his bank notifying him four online transactions totalling HK$75,000 had been made with the card, prompting him to alert police.
Kenneth Wu Pak-kin, Hongkong Post’s director of operations, said the city’s postal service would not send a text or email notification to anyone. Instead, a postal worker would leave a mail collection notification card at a person’s home address if delivery failed.
“If the address is wrong, the mail would be returned to the sender,” Wu said. “Hongkong Post does not request anyone to confirm nor provide mailing address through emails, social media or SMS. We also do not ask for tariffs on behalf of customs or postal services of other jurisdictions.”
Bureau head Frank Law Yuet-wing suspected that victims were easily lured into the scams by the small amount of money requested. The pandemic had also made people rely more heavily on postal service for daily necessities and online shopping, he said.
Both Law and Cheung also warned people to remain vigilant over scams reported overseas in which criminals asked victims for payment or bank details for a Covid-19 jab that was supposed to be free.
According to the government’s Hong Kong Computer Emergency Response Team, the number of reports it received about network security incidents dropped 12 per cent to 8,346 last year. Among them, 42 per cent, or 3,483, involved phishing websites, representing a 35 per cent increase compared to 2019. The force’s cybersecurity and technology bureau had removed 183 such websites since October.