Picture this: while casually watching TV at home one night, you hear your mobile phone ring. You look at the screen and a number starting with "+852" shows up on the display.
You pick up and the person calling addresses you by your surname and tells you they work for the government. "We suspect you're involved in illegal money laundering activities. We need your personal details, bank account information and passwords for our investigation."
Understandably, you start to panic - the caller seems to be making so much sense. After all, they're calling on behalf of the government, so surely this is a call from an authority you were always taught to respect? To prove your innocence, would you give the caller the information they asked for? Or will you take a minute to gather your thoughts, calm down and make a call to the relevant government office or the bank to confirm the caller's actual identity? The bank would be able to verify whether your accounts or financials have been accessed.
You're not the only one getting such fraudulent calls. If in a state of panic, you handed over your personal data to the caller impersonating a government official, you can fall prey to a phone scam.
Our latest cybersecurity survey1 reveals that more than 80% of Hongkongers have been the target of fraud, among which 26% have already fallen prey to scams and lost an average of HKD3,800 as a result. 10% of survey respondents said they have lost over HKD1,000 on average to phone scams, together with the government imposter scams that we just talked about, they're just about the 2 most common types of fraud in Hong Kong.
Our survey findings show Generation X (individuals aged 40-55 years old) is more compliant towards authority, which then makes them more susceptible to phone scams and government official impersonation, compared to digital payment, romance and job scams, and identity theft.
That's a common mindset a lot of people have, but is it really safe for you to make such an assumption? You may think you won't be part of the 10% who gave out whatever private information the caller asked for. But what if the 'official' asks for your full name and date of birth to assist them in their money laundering investigations?
Experienced scammers know how to get what they want even if they're faced with an initial refusal, so it's likely the caller would ask more questions to push you to disclose more personal details so they can 'confirm your identity'. By the time you've realised you have talked too much and shared too much, it'd probably already be too late.
Besides, are you really sure you've never carelessly or accidentally shared your personal data and identity digitally? Remember, every time you shared or told someone your personal information online, you're creating a digital footprint, making yourself more vulnerable to such social engineering attacks. To find out more about how social engineering scams work and how to protect yourself from them, here are some helpful resources you can read:
- Don't give away any sensitive details to strangers:These include your online banking credentials and one-time passwords (OTPs). Sharing such information increases your chances of financial losses by 2X and 1.5X, respectively
- Pay attention to the number showing up on your phone:Phone numbers starting with a "+" originate from overseas, so if the number contains a "+852" prefix, it's most likely a spoofed number and not a local call
- Confirm the identity of the caller with the relevant government department, your bank or whatever company they're claiming to call from:Email, call or visit official websites to verify if the caller is who they say they are
- Don't overshare your personal details on social media:Scammers can easily piece together a story from the information you share on your social media accounts and then use these details to build a scam against you
- Activate two-factor authentication (2FA):Use multi-factor or biometric authentication to incorporate more security for your devices
Scammers are usually well-versed in playing psychological games and creating elaborate schemes to trick you, so if you get any call that makes you suspicious at all, the rule of thumb to follow is to keep calm and just hang up.
To find out more about the biggest cybersecurity threats other age groups face so you can empower the people you care about to protect themselves, here are some articles that are a great place to start:
- Gen Y (aged 25-39): How to protect your heart (and bank account) from romance scams
- Gen Z (aged 18-24): How to stay safe from job scams
If you think you've already experienced a scam, don't wait any longer and report it to us immediately.