An alarming trend has recently surfaced in Hong Kong, targeting unsuspecting individuals who order through online platforms, particularly those of popular brands such as Pizza Hut Delivery (PHD).
Scammers have been crafting fake replica websites and utilizing deceptive tactics to lure victims into sharing sensitive information. This article provides insights from Velocity Sales Director Leo Tong and is intended to shed light on this emerging threat and provide practical solutions to protect Velocity clients.
Phishing in Action
A recent incident on LIHKG, a Reddit-like Hong Kong discussion board, brought attention to a sophisticated phishing scheme involving PHD and paid Google Ads.
According to the LIHKG thread, which generated over 20 pages of discussion and an Instagram share that garnered over 5000 likes, a user fell victim to a scam when searching for PHD online.
The scam involved fake PHD websites, with scammers buying Google ads to secure top placements. The victim clicked on the first ad, unwittingly inputting credit card details on a fake website (“phd-hk”.”online”) instead of the legitimate “phd.hk.”
Credit Card Scamming
The consequences of falling for such scams can be severe. In this case, the victim’s credit card was not only used for a fake pizza order but also for a fraudulent transaction totalling EU3000 and HKD11000 to purchase an iPhone.
This incident highlights the broader issue of credit card fraud associated with these fake websites.
Fake Brand Ads on the Rise
Unfortunately, PHD is not the only brand facing this issue. Scammers are also deploying similar tactics for other popular services, like WhatsApp. A recent PC Gamer article exposed scammers impersonating WhatsApp by purchasing top ad spots on Google, leading unsuspecting users to phishing websites.
Protecting Yourself and Your Business
Leo Tong, Velocity Sales Director, emphasizes the importance of vigilance to combat these emerging scams.
1. End Point Security: Velocity offers managed services to keep endpoints updated with phishing website signatures and ensures the blocking of malicious websites while maintaining a whitelist for legitimate ones. Tong also advises users to invest in robust anti-phishing and anti-virus endpoint solutions. Trusted brands recommended by Velocity include Kaspersky, ESET, Check Point, Lapcom, and Symantec.
2. Fully Managed IT Services: Having a fully managed IT services provider in place to be the eyes and ears of your business is the strongest risk management approach. Velocity’s fully managed IT services include extensive cyber security advisory and solutions, so you’ll always feel protected.
3. Well Managed Firewalls: Tong stresses that having a firewall is not enough; it must be proactively managed. Velocity recommends top firewall solutions like Fortinet and SonicWall.
4. Brand Protection: To safeguard against brand impersonation, Tong recommends utilizing brand protection services. KnownSec and Mimecast are two reputable brands that specialize in identifying, alerting, and taking down fake websites, with a focus on China and international domains, respectively.
As threats and scam tactics continue to evolve, it is crucial for businesses to stay informed and take proactive measures to protect themselves and their customers from falling victim.