Hong Kong police are raising the alarm over a resurgence in fraudsters hijacking WhatsApp accounts

“We saw a gradual decline in the number of cases after police intensified enforcement and publicity efforts (since late last year). But we recently discovered that the cases were showing signs of a resurgence,” Chief Inspector Leung Oi-lam told a news conference on Friday.

Police noted that there were 3,137 cases of messaging accounts being hijacked between August and December, with scammers stealing more than HK$65 million.

The number of cases per month fell to double digits by the end of 2023, after police stepped up efforts to combat scammers.

But the number of cases has gradually increased again this year, from 99 in January to 207 in February, before reaching 558 last month. All but one of the incidents in March involved WhatsApp accounts, while the other was linked to the Telegram platform.

The biggest loss was recorded in February, when a hospitality businessman was tricked into transferring HK$1.48 million to scammers.

“The methods recently adopted by online fraudsters are actually nothing new,” said bureau Chief Inspector Leung Yee-tak.

He said scammers commonly pretended to be WhatsApp customer service representatives, sending phishing messages through fake websites that asked users to enter their phone numbers and enter a code that gave the scammers access.

Once the scammers gained access, they targeted people on the users’ contact lists, posing as their relatives or friends asking for money and hijacking more accounts to repeat the cycle, he said.

“Police have also noticed that the fake websites have undergone multiple variations due to the low cost of registering a domain,” said Chief Inspector Leung, adding that more than 300 fraudulent links were found in the first quarter.

Gan Kok-tin, of the cybersecurity and privacy practice at accounting firm PwC, said scammers can also gain access to users’ accounts if victims log into fake websites that appear in search engine results with the tag “sponsor.”

Gan, who took part in the police briefing, said the differences between the real WhatsApp page and the fake pages included the location of the logo and missing words on the fake sites or their link text.

Fraudsters are posing as HKMA to separate Hong Kongers from their money via WhatsApp

Chief Inspector Leung said: “There are actually no specific targets of these scammers. They just send out mass messages. So if victims are not careful enough, they will fall prey to these types of scams.”

He added that most victims had told police they had little knowledge of some of the deceptive techniques used by fraudsters.

When asked if anyone had been arrested for the cybercrime in the past three months, Leung said the force had no such data. He also pointed out the low detection rates for technology-related crimes over the past decade, ranging from 7.6 percent to 17.4 percent.

He said the main reason for the low detection rate was that many of the websites and social media platforms that residents commonly use involved foreign service providers, who had not been able to provide sufficient assistance to police investigations.

“Police will continue to work closely with law enforcement agencies and stakeholders from different jurisdictions, focusing on intelligence-led initiatives to conduct coordinated cross-border operations,” Leung said.

Hong Kong police warn WhatsApp scams are on the rise after 130 people were duped in one week

The Chief Inspector urged residents to remain vigilant and make good use of the force’s anti-fraud tools, including the ‘Scameter’ search engine and mobile app, to check for suspicious or fraudulent activity.

According to police, the Scameter mobile app has been downloaded more than 390,000 times with more than 3 million searches.

PwC’s Gan urged residents to regularly check the devices linked to their WhatsApp accounts, avoid using public free Wi-Fi and stay alert to websites with a ‘sponsor’ tag in the Search engine results appeared.

WhatsApp scams first came to the attention of police in November 2017, when fewer than 10 cases were reported in the city.