How to protect yourself against social engineering scams
It’s 10pm when your phone rings. The man on the other end tells you he’s a police inspector from Guangdong Province and that you could be in serious legal trouble.
It seems your name has appeared on several suspicious business contracts involving illegal imports and exports. The authorities have serious concerns that you might be involved in trafficking.
The caller begins to question your finances. He knows about the smart TV you just bought, the vacation you took to Okinawa, the lavish meal you had at that Michelin star restaurant last week. He asks if you are the one paying for your nephew’s university in Canada.
He tells you they have more evidence, too – but perhaps it’s a mistake. Perhaps you got mixed up with gangsters who have tricked you into shady business dealings. Or maybe your account has been hacked, and is being used to cover illegal transactions.
He tells you that you can be cleared of any wrongdoing if you cooperate with the authorities in their investigation. The first step, he says, is to give him your bank account information, so they can monitor it for any suspicious activity.
He tells you don’t hang up. This is your only chance. Provide your log on details now, or your account will be frozen and you'll face prosecution to the fullest extent of the law.
Don’t do it. It’s a scam.
This is what is known as a “social engineering scam”. Sometimes the story will be about tax evasion. Other times the con artists will claim that your relative is in serious legal trouble. But in general with these scams, criminals pose as officials and try to get you to share your bank details, or to transfer money directly to them.
Consider the story you just read. A convincing fraudster could make you think that they knew these details because they had high-level government access. But take a closer look at the “facts” they knew about you.
Your trip to Okinawa. Your new TV. Your expensive meal. Your nephew in Canada.
These are all common social media posts. Maybe you Instagrammed your trip. You thanked your Facebook friends for helping you decide on the best TV for your budget. You wrote a review for that anniversary dinner. And maybe you left a simple “Happy Birthday!” on your nephew’s wall, and his profile shows that he’s studying in Vancouver.
But fraudsters aren't always stalking your online profile. Sometimes they just play the odds. They'll say things like:
I know you travelled to China recently.
We notice you tried to buy something from an online shipper in China.
There's been some unusual activity from a Chinese mobile number registered to you.
These are things that could sound true for most Hongkongers. Lots of people visit family in Mainland China. Many of them also have a local number there. And who doesn't shop from Taobao now and then?
Fortunately, there are ways to protect yourself:
- The caller might tell you that this is your only chance to defend yourself, but they are lying about everything. Even if the call sounds genuine, your best bet is to hang up and seek legal advice.
Be aware of what you share online
- Sharing too much personal information makes it easy for scammers to make it seem like they know you.
Never give your account details – especially your log on information – to anyone
- Your user name and password provide crucial protection for you. Same goes for one-time passwords. Banks will never ask for these details and neither will any law enforcement personnel.
If you receive a suspicious call, hang up immediately and report it to us by calling (852) 2233 3000
- What is "phishing"?
- Avoid falling prey to WhatsApp scams
- What is a social engineering scam?
- How to avoid social engineering scams
- Beware of malicious software