Information Security Tips (August 2023) – Beware of Scammers Exploiting AI Techniques

Recently, there have been reports of scammers using artificial intelligence (AI) deepfake techniques for fraudulent activities, including creating fake news to promote investment schemes or manipulating videos to impersonate celebrities and deceive victims into participating in false investment activities. Scammers may also use similar techniques to impersonate your friends or family members during video conferences or voice calls for phishing scams.

Here are a few steps to protect yourself from phishing scams:

  1. Stay vigilant and calm:
    • Keep your composure when dealing with urgent requests, especially those involving financial transactions or investment requests. Be particularly cautious if someone claiming to be a “friend” requests a money transfer in a video or audio recording.
  2. Verify identities:
    • When it comes to financial transactions or personal information, always verify the identity of the other party. Confirm the identities of friends, family, or relevant institutions, and the authenticity of their requests, through independent channels.
  3. Watch for inconsistencies:
    • Attempt to verify the other party’s identity through casual conversation, as scammers may reveal inconsistencies.
  4. Protect personal information:
    • Besides personal data, do not provide biometric data such as facial recognition data, fingerprints, or voice samples.
  5. Don’t blindly trust online information:
    • This includes messages labeled as “Fact Checked” or “Confirmed.” If you suspect it to be false information, avoid sharing it and consult the relevant authorities for verification.

Although criminals may change their fraudulent methods from time to time, their goal remains the same: to deceive users into revealing their account credentials, personal information, or money. By staying vigilant and remembering to “Stop and Think! Do Fact Check!”, you can protect yourself from phishing scams.

Information Security Tips (July 2023) – How to Dispose of Personal IT Devices Securely

When you are no longer using a personal IT device, such as a computer, smartphone, tablet or external storage device, it is important to dispose of it properly. This helps to protect your privacy and security, as well as the environment.

Here are a few steps for disposing of your personal IT equipment securely:

  1. Back up your data:
    • Before disposing of your device, make sure to back up all your important data and files. You can use an external hard drive or cloud storage to store your data.
  2. Unsubscribe or unbundle accounts:
    • If there are any subscription services or bundled accounts, you should first unsubscribe or log out of all bundled accounts.
  3. Wipe content from your device:
    • Make sure to wipe your device clean before disposing of it. This means deleting all your personal data and files from the device.
  4. Remove SIM cards and memory cards:
    • If your device has a SIM card or memory card, make sure to remove them before disposing of the device.
  5. Destroy the device (if necessary):
    • If you have sensitive data on your device that you don’t want anyone else to access, you can destroy the device physically.
  6. Recycle the device:
    • Once you confirm your device is wiped, you can recycle it through your local recycling company or organization, such as Direcção dos Serviços de Protecção Ambiental (DSPA) in Macau, which promotes the Electronic and Electrical Equipment Recycling Programme.
  7. Don’t forget household appliances:
    • Appliances such as TV boxes, TVs or portable game consoles may contain credit card and personal information, so make sure to handle them carefully.

No matter how you choose to dispose of your personal IT equipment, make sure to do so in a responsible way.

Reference:
Electronic and Electrical Equipment Recycling Programme (DSPA)
How to Properly Prepare Your PC for Disposal
How to factory reset your iPhone, iPad, or iPod touch
Reset your Android device to factory settings

Information Security Tips (June 2023) – AI Tools and Information Security

Artificial intelligence (AI) refers to a system or device that can simulate human intelligence and realize automation, optimization and innovation functions through big data analysis, machine learning and other technologies. In recent years, the development and application of AI tools have become increasingly widespread, bringing convenience and efficiency to our lives. These tools can chat with you, generate articles, draw portraits, write computer programs and more. When choosing and using AI tools, take the following precautions:

  1. Always use official and legal channels to obtain AI tools:
    • Hackers have created fake AI apps and websites to trick people into downloading and using them. These fake AI apps could be malware that steals data from your device, or they could steal your credit card and personal information by charging you for the service.
  2. Be careful when sharing personal or confidential information with AI tools:
    • Even when using a reputable AI tool, don’t provide any personal or confidential information before understanding and accepting its privacy policy. The information you provide may be used to train the AI model and may be included in the responses to other people’s queries. This could lead to a data breach.
  3. Don’t open files and links in emails unsuspectingly:
    • Hackers can use AI tools to generate highly realistic phishing emails that are difficult for spam filters and even humans to identify. If you have doubts about the email content or sender, don’t open the attached files and links, and don’t trust the contact methods given in the email. Confirm the authenticity of the email through a credible channel, such as by calling the sender directly, before taking the next step or replying.
  4. Don’t fully trust the content generated by AI tools:
    • An AI tool is only as good as the data it uses. If the data it learns from is outdated, incomplete, or incorrect, it may generate inaccurate, untrue, illegal, or unethical content. Therefore, whatever you get from an AI tool, verify it carefully before using and trusting it.
  5. Pay attention to the copyright of the content generated by AI tools:
    • The content generated by AI tools may have been used by others, or may contain copyrighted content of others.

Information Security Tips (May 2023) – Quishing Attack

“Quishing” or “QR code phishing” is a type of phishing attack. When a user scans a malicious QR code, he/she is taken to a phishing website. Since a QR code is an image, current security measures may not be able to detect it as a threat. “Quishing” may therefore become a new normal in the future.

Safety tips for using QR codes:

  1. Mobile payment:
    • Verify the information carefully in the mobile app before making any payment by QR code. After the transaction, immediately verify the transaction details sent by the bank or mobile payment service provider.
    • Do not share or disclose the QR codes generated by mobile payment services to others.
  2. Website redirection:
    • Stay alert before scanning QR codes and do not scan any codes from unknown sources.
    • Turn off the QR code scanner’s automatic URL redirection function. Once you turn it off, the scanner will show the URL content and ask you to confirm whether to open the URL.
  3. Account login:
    • Only scan account authentication QR codes on official websites.
    • Contact the service provider immediately about any unusual login records.
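
The "show the URL and ask for confirmation" behaviour described in the website redirection tip can be sketched as follows. This is an added example, not code from ICTO or from any particular scanner app; the function names, warning texts and sample payloads are assumptions made for illustration, and the payloads use reserved example names and addresses.

```python
import ipaddress
from urllib.parse import urlsplit


def preview_qr_payload(payload: str) -> dict:
    """Describe a decoded QR payload; nothing is opened or fetched here."""
    text = payload.strip()
    try:
        parts = urlsplit(text)
        scheme = parts.scheme.lower()
        host = (parts.hostname or "").lower()
        port = parts.port
    except ValueError:
        # Malformed address (bad port, broken IPv6 brackets): show as text only.
        return {"kind": "text", "host": None, "warnings": ["malformed address"]}

    if scheme not in ("http", "https"):
        # Wi-Fi settings, tel:, sms:, plain text: display it, never act on it.
        return {"kind": "text", "host": None, "warnings": ["not a web link"]}

    warnings = []
    if scheme == "http":
        warnings.append("unencrypted http link")
    if not host:
        warnings.append("no site name in the link")
    if parts.username is not None:
        warnings.append("text before '@' is not the site name")
    try:
        ipaddress.ip_address(host)
        warnings.append("numeric address instead of a site name")
    except ValueError:
        pass  # an ordinary host name
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode name that may imitate another site")
    if port not in (None, 80, 443):
        warnings.append(f"unusual port {port}")
    return {"kind": "web", "host": host, "warnings": warnings}


def confirmation_prompt(payload: str) -> str:
    """Text a scanner would show instead of redirecting automatically."""
    info = preview_qr_payload(payload)
    if info["kind"] != "web":
        return f"QR content (not opened): {payload.strip()!r}"
    lines = [f"This code opens: {info['host']}"]
    lines += [f"  warning: {w}" for w in info["warnings"]]
    lines.append("Open this link? [y/N]")
    return "\n".join(lines)


# Constructed sample payloads (reserved example names and addresses).
SAMPLES = [
    "https://www.example.org/pay",
    "https://bank.example@203.0.113.7/login",
    "http://xn--exmple-cua.example:8080/",
    "WIFI:S:Cafe;T:WPA;P:constructed;;",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(confirmation_prompt(s), end="\n\n")
```

The prompt always names the host that will actually be contacted, which is what a user needs to compare against the site they expected before confirming.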

Information Security Tips (April 2023) – Don’t overlook the importance of patching vulnerabilities in your home network devices

Security updates and vulnerability patches are important because they ensure that your device is protected from various threats, and attackers constantly seek new vulnerabilities to exploit with new technologies. Therefore, software on your device needs to be updated regularly to maintain security and prevent attackers from exploiting known vulnerabilities to attack your computer and network devices or steal sensitive information.

Here are several ways to ensure that your device has the latest security updates and vulnerability patches:

  • Develop good habits: Before installing updates or changing settings, please read the installation instructions and precautions provided by the vendor, and perform data backup as well.
  • Check for updates manually on a regular basis:
    • Choose an appropriate time to update your devices manually to avoid disrupting your work or other activities.
    • If you need to work outside, it is recommended to perform necessary updates in advance using your company or home network to avoid the risk of intrusion on public networks or incurring high data charges when using mobile data.
  • Enable automatic updates: Automatic updates can make up for the shortcomings of manual updates and improve security as well.
  • Download software only from trusted sources: Only download software and applications from trusted vendors to avoid downloading malware or malicious programs.
  • Update all software and applications: Not just the operating system, but all applications and software should be updated, including web browsers, antivirus software, and more.
  • Update hardware firmware: Do not overlook home network devices such as home routers, network-attached storage (NAS), smart homes, and home surveillance cameras, etc.
  • Don’t ignore small updates: Do not ignore minor updates as they may also contain critical security updates and vulnerability patches.
  • Stay aware of vulnerability disclosures: Pay attention to whether there are known security vulnerabilities in your devices and software, and respond and patch them in a timely manner.

Security updates and vulnerability patches are important to protect your devices and data. Regularly checking and installing updates and patches is one of the best ways to ensure that your device is protected from various threats. If you have any questions, you can consult your service or product vendor.

Information Security Tips (March 2023) – Screen sharing features hide dangers, do you know how to prevent them?

Screen sharing features refer to the function of sharing your computer screen or mobile screen with others during online meetings or remote work. This function can facilitate communication and collaboration, but it also poses some cyber security risks that may make you a target of scammers or hackers. According to a notice from the Judiciary Police, this function is also a tool for phone scammers.

Scammers may pretend to be government officials, customer service representatives, or bank employees, claiming to assist you with an online video call investigation, problem solving, account updating, benefit claiming and so on. Then, they ask you to download unknown applications (APPs) or share your screen with them, and instruct you to input personal information, bank account passwords and verification codes, or to transfer money. In fact, once you share your screen with them, they can see what you type and may also install malicious software, steal your data and control your device without your knowledge.

To prevent the above risks, here are some information security tips:

  • Do not share your screen with strangers or people whose identity you have not verified;
  • Do not click on suspicious links or open suspicious attachments;
  • Do not download or install applications (APPs) or software from unknown sources;
  • Do not turn on screen sharing features or input confidential data when using public WiFi;
  • Choose a reputable software or platform with data encryption function to share your screen;
  • Only share the necessary content when sharing your screen, and monitor the scope and duration of the sharing;
  • End the meeting and log out of the software or platform immediately after sharing your screen.

Remember to stay alert and be careful when using screen sharing features, and do not let yourself become a victim of scams.

Reference

Judiciary Police – Police Information Circular
Know social engineering and beware of phone scams
How to download and install software in a secure manner?

Information Security Tips (February 2023) – Know social engineering and beware of phone scams

In recent years, we have heard frequent warnings to beware of scams through various channels, but phone scams continue to happen. In fact, scammers use “social engineering” to obtain personal information, sensitive data, or conduct fraud. Social engineering is the use of psychology and interpersonal relationship skills to exploit human emotions such as curiosity, fear, and trust. Scammers often impersonate others, such as bank clerks, police, government officials, or court personnel, or pretend to be relatives or friends, to trick victims into providing personal information or transferring money, in order to achieve illegal profits.

To avoid becoming a victim of phone scams, here are some tips:

  • Stay alert: Scammers will use the above techniques to impersonate others to commit fraud. Therefore, don’t easily trust the identity of the caller and verify their identity through official channels.
  • Pay attention to language expressions: Fraud calls often threaten or intimidate victims. Stay calm and pay attention to the caller’s language and accent. If you have any doubts, you may discuss them with family and friends or seek help from relevant institutions.
  • Do not disclose personal information easily: Just as “don’t flaunt your wealth,” personal information such as bank card numbers, passwords, and ID numbers should also be kept confidential. If you need to provide such information, do so through secure and reliable methods.
  • Do not transfer money lightly: When you receive a call related to funds, do not transfer money lightly. Verify the identity and information of the caller through official channels and ensure the security of the transaction.
  • Enhance security awareness: Pay more attention to security information and enhance your ability to identify and prevent fraud. If you notice any suspicious activity, contact the authorities to prevent being scammed.
  • Share security information with family members: It is also important to increase the security awareness of family members, as scammers may use social engineering techniques to deceive or trick them into revealing personal information. Scammers may also use this information to impersonate a family member and carry out fraudulent activities.

In conclusion, preventing phone scams requires sharp vigilance, enhancing security awareness, not easily disclosing personal information or transferring money, and verifying the identity and information of the caller through official channels. Be cautious about anything involving funds, in order to prevent losses.

Information Security Tips (January 2023) – Protect privacy on social media from being used by criminals

In the last security tips, we provided some information about online scams and suggested that users raise their security awareness to avoid falling for online scams. In fact, protecting your privacy on social media can also prevent you from being involved in scams.

Here are two examples of privacy disclosure on social media:

1. Online romance scams
Scammers look for targets on various social platforms based on disclosed information. After getting to know the victims’ interests, scammers easily win the victims’ affection and start an online romantic relationship. Then, scammers use a plethora of reasons to ask for money. Scammers and victims never meet in real life.

2. Stealing other people’s photos to commit fraud
Criminals steal other people’s photos, open accounts on social networking platforms under other people’s names, and use the fake accounts to contact targets continuously to obtain phone numbers or personal information. This information is very likely to be used for various fraudulent activities.

In both examples, scammers use information disclosed by others on the Internet to commit crimes. Just think about it: the more information a stranger knows about you, the greater the risk you face.

Here are some tips for preventing the above scams:

    • Remember that the Internet is a virtual world where anyone can assume a false identity;
    • Be vigilant at all times about people or messages from unknown sources;
    • Properly protect personal information, and do not casually disclose your own or your relatives’ and friends’ information on social networking platforms;
    • Enable two-factor security authentication for social networking platform accounts to improve account security while limiting who can access your information.

Information Security Tips (December 2022) – Enhance security awareness to avoid online scam

IT devices have become a part of our lives. No matter how old you are, you can use your device to go online for chatting, online shopping and more. The Internet not only brings us useful information, but also makes it easier for some scams to reach us.

Here are two examples of online scams:

1. Online shopping scams
Have you ever shopped online but did not receive the goods after payment? Most scammers defraud consumers with the following tricks:

    • Use of special offers – Attract buyers with limited offers, sales, or overseas purchasing services.
    • Lose contact upon receiving money – Ask buyers to transfer money into a specific account and refuse to trade face to face. Once the money is received, the sellers disappear into thin air.

2. Online job search scams
Fraudsters post job ads on various social media platforms, forums or instant messengers, and lure job seekers into paying fees, guarantee fees or other charges under various pretexts. After taking the money, the fraudsters cut off contact. Such scams may have the following characteristics:
    • Offer high salary or work from home jobs
    • Low academic qualifications or age requirements
    • Do not mention the specific job post and duties
    • Do not mention the name or address of the company, but only provide contact information with instant messenger or mobile phone number

In the above cases, the psychology of people who want to get a discount or preferential treatment is exploited for scams.

Here are some tips to prevent the above scams:

    • Remember that the Internet is a virtual world where anyone can assume a false identity.
    • Always be alert to people or messages from unknown sources.
    • If possible, shop on shopping platforms with a good reputation to reduce the risk of being scammed.
    • When shopping, pay attention to the origin of goods to avoid inadvertently running afoul of the law.
    • Be careful when applying for a job. You can start by collecting data to verify that the company or job actually exists.
    • If you encounter any problems, you should talk to your family or friends.

Information Security Tips (September 2022) – Be careful with suspicious messages!

Regarding the recent suspicious messages about the withdrawal of epidemic prevention subsidies with the respective link, the Social Welfare Bureau clarifies that it was a fraudulent message, and the case has been reported to the Judiciary Police.

The Social Welfare Bureau reminds the public to be careful about this fraudulent message. If you receive a similar message, please be alert and DO NOT believe it. DO NOT click the link and DO NOT provide any personal information. You should report to the Judiciary Police if you encounter a similar case.

Sample of the fraudulent message

(Original in Chinese, translated version for reference only)

In addition, some users have also received phishing emails about the withdrawal of social insurance subsidies in Mainland China.

Sample of the phishing email

(Original in Chinese, translated version for reference only)

ICTO would like to remind you that users who stay vigilant can recognise phishing attempts by the following common characteristics of phishing messages and emails:

    • It imitates a trusted official and tricks users into clicking on malicious links.
    • It may contain an important notice that requires immediate action, convey a threat, or give an offer that is too good to be true (e.g. free overseas trip ticket).
    • It may contain shortened Uniform Resource Locators (URLs).
    • It may copy official contents such as texts, logos, and contact information to make it look genuine.
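
The characteristics listed above can be turned into a simple triage check over message text. This is an added example, not an ICTO tool; the organisation name, its domain, the keyword list and the sample messages are constructed placeholders, and the shortener list is a small sample rather than a complete one.

```python
import re
from urllib.parse import urlsplit

# Small sample of public URL-shortening hosts; not exhaustive.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}
# Wording that demands immediate action, threatens, or offers a reward.
PRESSURE = re.compile(
    r"\b(immediately|urgent|within \d+ hours?|suspended|expires?|free)\b", re.I)
# Hypothetical organisation and the domain it really uses (assumption).
OFFICIAL = {"example welfare office": {"welfare.example"}}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)


def link_hosts(text: str) -> list:
    """Host names of every http(s) link in the message, lower-cased."""
    hosts = []
    for url in URL_RE.findall(text):
        try:
            hosts.append((urlsplit(url.rstrip(".,)")).hostname or "").lower())
        except ValueError:
            hosts.append("")  # unparseable link: treated as not official
    return hosts


def on_domain(host: str, domain: str) -> bool:
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)


def triage(text: str) -> list:
    """Return which of the listed phishing characteristics the text shows."""
    flags = []
    hosts = link_hosts(text)
    if PRESSURE.search(text):
        flags.append("pressure")
    if any(on_domain(h, s) for h in hosts for s in SHORTENERS):
        flags.append("shortened-url")
    lowered = text.lower()
    for org, domains in OFFICIAL.items():
        off_site = [h for h in hosts
                    if not any(on_domain(h, d) for d in domains)]
        if org in lowered and off_site:
            flags.append("impersonation")
    return flags


# Constructed sample messages; names and domains are placeholders.
SAMPLES = [
    "Example Welfare Office: your subsidy expires within 24 hours. "
    "Claim at https://bit.ly/constructed",
    "Example Welfare Office: new office hours, see "
    "https://www.welfare.example/notice",
    "Example Welfare Office: confirm your details at "
    "https://welfare.example.login-check.test/verify",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(triage(msg), "<-", msg[:60])
```

The third sample shows why the domain comparison matches on the end of the host name: a link that merely begins with the official domain still points somewhere else.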

Responding to phishing message attacks

    • DON’T arbitrarily forward the phishing message. Indiscriminate mass messaging leads to abuse, and spreading fake news or rumours may violate the relevant laws.
    • Delete or block the phishing message immediately to avoid accessing the malicious content again.
    • Report the case to the Judiciary Police if criminal activities and leakage of personal data are involved respectively.

ICTO will introduce some other types of phishing in the next issue of information security tips.