What kind of cyber scams do middle-aged people commonly fall for?

Picture this: while casually watching TV at home one night, you hear your mobile phone ring. You look at the screen and a number starting with "+852" shows up on the display.

You pick up and the person calling addresses you by your surname and tells you they work for the government. "We suspect you're involved in illegal money laundering activities. We need your personal details, bank account information and passwords for our investigation."

Understandably, you start to panic - the caller seems to be making so much sense. After all, they're calling on behalf of the government, so surely this is a call from an authority you were always taught to respect? To prove your innocence, would you give the caller the information they asked for? Or will you take a minute to gather your thoughts, calm down and make a call to the relevant government office or the bank to confirm the caller's actual identity? The bank would be able to verify whether your accounts or financials have been accessed.

You're not the only one getting such fraudulent calls. If in a state of panic, you handed over your personal data to the caller impersonating a government official, you can fall prey to a phone scam.

Our latest cybersecurity survey¹ reveals that more than 80% of Hongkongers have been the target of fraud, among which 26% have already fallen prey to scams and lost an average of HKD3,800 as a result. 10% of survey respondents said they have lost over HKD1,000 on average to phone scams, together with the government imposter scams that we just talked about, they're just about the 2 most common types of fraud in Hong Kong.

Our survey findings show Generation X (individuals aged 40-55 years old) is more compliant towards authority, which then makes them more susceptible to phone scams and government official impersonation, compared to digital payment, romance and job scams, and identity theft.

That's a common mindset a lot of people have, but is it really safe for you to make such an assumption? You may think you won't be part of the 10% who gave out whatever private information the caller asked for. But what if the 'official' asks for your full name and date of birth to assist them in their money laundering investigations?

Experienced scammers know how to get what they want even if they're faced with an initial refusal, so it's likely the caller would ask more questions to push you to disclose more personal details so they can 'confirm your identity'. By the time you've realised you have talked too much and shared too much, it'd probably already be too late.

Besides, are you really sure you've never carelessly or accidentally shared your personal data and identity digitally? Remember, every time you shared or told someone your personal information online, you're creating a digital footprint, making yourself more vulnerable to such social engineering attacks. To find out more about how social engineering scams work and how to protect yourself from them, here are some helpful resources you can read:

• What is a social engineering scam?
• How to avoid social engineering scams

Scammers are usually well-versed in playing psychological games and creating elaborate schemes to trick you, so if you get any call that makes you suspicious at all, the rule of thumb to follow is to keep calm and just hang up.

To find out more about the biggest cybersecurity threats other age groups face so you can empower the people you care about to protect themselves, here are some articles that are a great place to start:

If you think you've already experienced a scam, don't wait any longer and report it to us immediately.

¹ Conducted in August and September 2020, the HSBC survey covers a sample size of 800 respondents aged 18-55 years old, which is representative of the Hong Kong population in terms of age and gender based on Hong Kong census data.