Hongkongers should beware of fake internal company emails and communication from business partners to avoid phishing scams, police and technology firms have warned, after a drill exposed the risks.
Superintendent Baron Chan Shun-ching of the force’s cybersecurity and technology crime bureau said an exercise carried out from last August to December involving 216 companies found that a fake human resources department survey received the highest rate of clicks from workers.
The drill, organised by police and the Hong Kong Internet Registration Corporation, the government-designated domain registration service provider, tested 37,220 employees across the participating companies with four templates of common phishing emails. Any click on a phishing template was counted.
“Employees tend to lower their guard when facing internal emails from within the company,” Chan said.
“They will think it’s urgent and there’s a need to keep their managers informed.”
Among the four types of phishing emails sent to employees, a fake human resources department survey request was clicked on by 9.5 per cent of participants.
That was followed by a fake bank account safety alert email, which 4.2 per cent of participants clicked on. A fake IT department system testing request and a sham update request from video conferencing software were opened by around 3 per cent of participants.