In a crackdown on phishing syndicates that used 563 bogus mobile applications to spy on phones throughout the world and steal information from them, police in Hong Kong have taken down a local operation of an international group of fraudsters.
Senior Superintendent Raymond Lam Cheuk-ho of the force's cyber security and technology crime bureau told the News that officers tracked down 258 servers around the world that were connected to the apps.
Last February, Interpol and the Department of Homeland Security (DHS) began an 11-month joint operation that was codenamed "Magic Flame."
As a result of this attack, there has been a rise in cybercrime across the world. As a result, some victims have lost their life savings as hackers gained access to their bank accounts and stole their personal information.
Among those apps, Lam described were those planted with trojans and impersonating businesses like banks, financial institutions, media players, dating and camera apps, among others.
Cybercriminals kept switching between different servers, some in Hong Kong and others elsewhere. The reason for this was to protect the city's 192 servers from detection.
Upon discovering that subscribers to those servers were individuals who had set up their online accounts, The Post learned that they were individuals who lived on the Chinese mainland, the Philippines, and Cambodia.
Hackers are using SMS messages resembling official messages and directing recipients to visit a link in phishing SMS messages that appear to be from official sources.
Upon clicking the link, the recipient will download the fake applications to their smartphone. If hackers were able to exploit this, they would be in a position to steal the personal information of their victims. This includes their bank account details, credit card numbers, addresses, and photos.
There would be servers in Hong Kong and elsewhere that would receive such data before it was transferred to another 153 servers located in other areas of the world.
Wilson Fan Chun-yip, a superintendent at the cybercrime bureau, told the newspaper that the criminals could use the stolen data to make payments and shop online for victims via their accounts.
Hackers can access all emails, texts, and voice messages, as well as listen to audio recordings and track the location of their targets. They were able to get a glimpse of the contents of their victims' smartphones by turning on their phones and listening to their conversations and eavesdropping on their conversations.
According to the investigation, the servers contained the personal information of 519 people, mostly from Japan and South Korea, who owned cell phones that were stolen from different countries. Reports indicate that none of the victims were from Hong Kong.
It is believed that an offshore gang was involved in this crime. This gang took advantage of the city's internet network to carry out its illegal activities,” Lam said at a press conference.
However, no arrests were made in the city in addition to the incident. However, the police identified some suspects and reported their information to the relevant overseas law enforcement agencies through Interpol.
After the joint operation with Interpol, Lam believed the syndicate had ceased its unlawful activities.
There were 473 phishing attacks reported to Hong Kong police in the first ten months of last year, resulting in HK$8.9 million (US$1.1 million) in losses for the Hong Kong Police Department. An individual case resulted in a loss of HK$170,000 from a single transaction.
According to the FBI, over the past three years, there have been 18,660 reports of cybercrime, a two-fold increase compared to 13,163 cases reported in 2021. Victims reported losing over HK$2.65 billion in losses due to the storm and also lost HK$1,985 million in property damage.
A sevenfold increase in technology-based crimes was observed in Hong Kong between 2011 and 2021, according to the police.
Cybercrime reports jumped from 2,206 in 2011 to 16,159 in 2021, while the amount of money jumped 20 times to HK$3.02 billion in 2021.
In an email or text message, police encourage the public to stay alert. They also urge the public to ensure they do not click on any hyperlinks embedded in the email or text message. This can lead to a suspicious website or app. Furthermore, they urged the public to download only apps from official app stores and not from third-party websites.
A search engine called "Scameter" was introduced by police to combat online and telephone fraud last September, accessible on the CyberDefender website, where the search engine may be used for free.
A user can use the Scameter to check whether the risks of receiving suspicious telephone calls, making friend requests, advertising jobs, or visiting investment websites are worth it to them.
