E-mail scams keep emerging in an endless stream. In the first 11 months of last year, Hong Kong recorded 14,602 technology crimes with losses of 2.747 billion, of which 512 cases and 1.4 billion in losses were email scams.
The police analyzed the criminal methods and found that fraudsters use fake email addresses very similar to those of the target company's customers, with substitutions such as "l to 1", "b to d", "o to 0" and "s to z". Companies have fallen into this trap in the past and lost more than 10 million yuan. The scammers may even use a completely different email address but change the "sender display name" to that of a business partner. If the staff involved are not careful, it is easy to remit money to the scammer's designated account as instructed.
The police and the University of Hong Kong jointly launched the "Suspicious Email Detection System" V@nguard. Whenever a company receives an email from an address it has never received mail from before, the system warns the company to ask for verification. Employees can mark suspicious emails as spam, after which the relevant emails are no longer displayed in employees' "Inbox", reducing losses caused by human negligence.
The police cooperated with the University of Hong Kong to launch the "Suspicious Email Detection System" V@nguard, which compares the email addresses received by companies with past emails. When an employee receives a new email address, the system will display a red warning.
(Photo by Kong Fanxu)
Subsidiary defrauded of 150 million yuan by fake e-mail from parent company's "senior executive"
In the first 11 months of last year, Hong Kong recorded 14,602 technology crimes, an increase of 25% over the same period a year earlier. Among them, 512 email fraud cases were recorded, with losses exceeding 1.4 billion yuan, accounting for half of the overall technology crime losses.
The biggest loss this year occurred in October. A subsidiary received an email from a "senior member of the accounting department" of its overseas parent company instructing the subsidiary to remit funds to 4 designated accounts in 11 transfers, involving 150 million yuan. The subsidiary subsequently found it had been deceived. The police have arrested one person and the case is still under investigation.
Use the same "sender display name"
Chief Inspector of the Cyber Security and Technology Crime Investigation Division, Zhang Weihao, pointed out that about 70% of the victims of email scams are small and medium-sized enterprises, mainly related to insufficient computer security measures, lack of professional personnel to implement cyber security settings, and weak employee awareness.
Zhang Weihao said that the common criminal method used by scammers is to use very similar fake email addresses, with substitutions such as "l to 1", "b to d", "o to 0" and "s to z", discarding the user name and email key. From March to June last year, an engineering equipment company received an e-mail from a "business partner" requesting remittance, but in the e-mail address an "s" had been changed to a "z". The staff did not suspect fraud and deposited 17 million yuan into a new account.
Zhang Weihao also pointed out that scammers use the same "sender display name" to deceive. In January last year, a staff member of an environmental engineering company saw that the email sender's name was that of his business partner and did not notice that the email address was completely different from that of authentic emails. He only realized he had been deceived after transferring 5 million yuan to a new account.
SMEs encounter "Harris" posing as "Harry"
The chairman of the Small and Medium Business Committee of the Hong Kong General Chamber of Commerce said that fake emails are difficult to spot with the naked eye. Employees process a large number of emails every day and it is difficult to check them one by one. He said that SMEs have reported that scammers know the operation of the company well and know when the company will be dealing with customers, and then send fake e-mails requesting remittances. "It is often difficult for Hong Kong people to understand all the names of foreigners. For example, Harris is passed off as Harry, which differs by just one or two letters, but it is misleading."
V@nguard helps identify suspicious emails
The police and the University of Hong Kong jointly launched the "Suspicious Email Detection System" V@nguard, which compares the sender addresses of emails received by the company with those of past emails. When an employee receives an email from a new address, the system displays a red warning. If the email is suspicious, the employee can put the address on the "spam list". After that, all employees of the company will no longer see emails from this suspicious address in their inboxes.
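The checks described in this article, as an added Python example that is not V@nguard's own code (the article does not describe its implementation): it classifies a From header against past correspondents, flagging the l/1, b/d, o/0 and s/z swaps, a trusted display name reused on a different address, and any first-seen sender. The function names, addresses and contact names are constructed for illustration.

```python
from email.utils import parseaddr

# Character swaps named in the article: l/1, b/d, o/0, s/z.
# Both members of each pair fold to one canonical character.
FOLD = str.maketrans({"1": "l", "d": "b", "0": "o", "z": "s"})


def skeleton(address):
    """Fold look-alike characters so swapped spellings collide."""
    return address.lower().translate(FOLD)


def check_sender(from_header, known):
    """Classify a From header against past correspondents.

    known maps each previously seen address to the display name it used.
    Returns 'known', 'lookalike', 'display-name-reuse' or 'new'.
    """
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    if addr in known:
        return "known"
    # Unseen address whose skeleton equals a past one: a one-character swap.
    if any(skeleton(addr) == skeleton(k) for k in known):
        return "lookalike"
    # Unseen address that borrows a trusted contact's display name.
    trusted_names = {n.strip().lower() for n in known.values()}
    if name and name.strip().lower() in trusted_names:
        return "display-name-reuse"
    return "new"  # first-seen sender: warn and verify before paying


def scan(headers, known):
    """Return (header, verdict) pairs for a batch of From headers."""
    return [(h, check_sender(h, known)) for h in headers]


# Constructed sample data (not from the article).
KNOWN = {"accounts@supplier.example": "Harris Wong"}
SAMPLE = [
    "Harris Wong <accounts@supplier.example>",
    "Harris Wong <accountz@supplier.example>",   # s swapped for z
    "Harris Wong <pay123@freemail.example>",     # same name, other address
    "New Vendor <hello@vendor.example>",
]

if __name__ == "__main__":
    for header, verdict in scan(SAMPLE, KNOWN):
        print(f"{verdict:20} {header}")
```

Anything other than "known" is a prompt to confirm the payment request by phone with the business partner, as the police advise.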
Senior Superintendent Huang Zhenyu of the Cyber Security and Technology Crime Investigation Bureau reminded that if employees find suspicious fake emails, they should call their business partners for verification as soon as possible. The first phase of V@nguard was launched on the 10th of last month and is available as a web page download.
Professor Yao Zhaoming of the Department of Computer Science of the University of Hong Kong emphasized that V@nguard will never transfer company data to the University of Hong Kong or the police, so there is no privacy problem. The team is studying future expansion from email servers running the Linux operating system to Windows and Mac users.