The Hong Kong Monetary Authority (HKMA) recently announced that Web sites mimicking the official HKMA site, along with e-mails and phone messages claiming to be from the HKMA, are being used to trick victims into giving up sensitive information (h/t Softpedia).
"These websites, and email and telephone messages often claim to offer banking or other services or request information such as account details, personal identification details and passwords, or tell the recipients that they have won a lottery and must deposit an advance fee into a designated bank account in order to receive the prize money," the HKMA said in a statement. "We believe that these websites, and email and telephone messages are involved in fraud or identity theft and we have reported them to the police."
The HKMA explained that, as a central banking institution, it doesn't provide any form of banking services to individuals or companies and doesn't serve as a representative of any financial institutions, and it therefore would never ask people to disclose or confirm their personal or financial data.
According to MX Lab, one sample of the e-mails in question states, "The following is issued on behalf of the Hong Kong Monetary Authority. Attached is the invoice (Invoice_3604196.zip) received from your bank." The attached zip file, of course, is a Trojan, not a bank invoice.