Hong Kong’s cybersecurity watchdog has warned the public about a phishing website posing as the police and “fining” people for visiting too many porn sites.
In a recent Facebook post, the Hong Kong Computer Emergency Response Team Coordination Centre said it had received reports about an intricate phishing attack involving a fake police website, which appears to have the same link and logo as the real site of the Hong Kong Police Force.
The center added that the fake site tries to get visitors’ credit card details by telling them that they have been browsing too many pornographic websites and have to “pay fines”.
According to a screenshot of the phishing site provided by the watchdog, the website tells users their “browser has been blocked due to repeated visits to pornographic sites containing materials prohibited by the laws” of Hong Kong, such as “pornography promoting pedophilia, violence, and homosexuality.”
The fake site also tells users to pay a “fine” of HK$3,700 by credit card within 12 hours and if they fail to do so, or attempt to unblock their computer without paying the fine, all information on their device will be permanently deleted.
The site warns: “The police will come to your home to arrest you and criminal charges will be filed.”
The watchdog said that fake site uses a new phishing technique called browser-in-the-browser (BitB) attack, whereby hackers create the address bar, toolbar and tabs using JPG images.
Hence, the site will look like the real police website when netizens use the full-screen browser mode, in which the real website link is hidden.
The center said it has contacted the relevant service provider to remove the fake site, but warned such scams will continue.
It gave some tips on how to identify such phishing sites.
For example, users can press the “esc” key to exit the full screen mode, so as to check the real website link, the watchdog said.
It added that such fake sites cannot be viewed on smartphones.
The center also advised the public that before clicking on a link, they should consider its authenticity and whether the person who sent it over is trusted.
It also said that the public should contact relevant agencies if they are in doubt.
Reader Interactions