Internet Fraud Attacks Hongkong'S Financial Industry

The famous website is being counterfeited again and again. The virtual world releases unsettling information again.

What's wrong with the real world is that the deception and false traps in the Internet world are even more difficult to guard against.

In December 5th, a fake HSBC website was discovered in Hongkong.

This is an Internet address called HKG HSBC. Com, which replicated the personal financial services website of HSBC Hongkong. It even has HSBC's trademark and name, and has a hyperlink to login to the web page that requires users to provide Internet banking usernames and passwords.

In fact, the real HSBC Hongkong web site should be www.hsbc.com.hk.

People familiar with the matter said that if the user accidentally entered the user name and password on the fake website, the property could be seized by the lawless.

HSBC spokesman said in consultation with the newspaper that the website server was registered in the United States and is a cross border crime. At present, no customer has suffered losses.

3 days later, in December 8th, another financial institution was made false web pages cheated by criminals.

On the same day, the website of www.schroders.com.hk, a well-known British Schroder group, issued a statement on its website, referring to a website called www.baoyuans.com, which used the name of the company as "Schroders treasure Investment Management (Hongkong) Co., Ltd." in Hongkong.

The management of the company was informed that at least one suspected fraud case was related to the website.

Recently, according to an online tool http: / / checkdomain.com, which is available to the public to check the registration information of the website, the registered address of the fake website is the contact address of Zhangzhou, Fujian.

Two days later, in December 10th, BOC Hongkong also announced the discovery of a fake website, www.bocfund.com, which has no direct or indirect relationship with Hongkong.

The Hongkong Monetary Authority said it was the sixth fake Internet banking case involving Hongkong banks since June of this year.

According to our understanding, at present, there are about 1000000 Internet banking users in Hongkong, accounting for 51% of all Internet users. Hongkong's banking industry is highly developed, and more than 1500 branches of more than 240 large and small banks and deposit institutions are all over the territory. In particular, online banks are popular in the market. Many users have more than one online banking account.

A series of Li ghost website events in Hongkong caused a great stir, and the online banking business of all banks was also tight.

According to a bank credit card center, according to a conservative estimate, the volume of online business has been reduced by at least 7 to 8 per cent on weekdays.

According to a person familiar with the matter, the actual situation behind customers behind the counterfeit event is not that there is no customer loss as some banks have claimed. A person named Zhang Xing friend has recently been robbed of a credit card user name and password used by a fake well-known bank website. His account in a bank has been illegally pferred to more than 140 thousand Hong Kong dollars.

In December 10th, the Commercial Crime Bureau of the Hongkong police force did not respond positively to the specific losses of Hongkong customers when asked by the commercial crime bureau.

But the police said that because the servers of the fake websites are located outside Hongkong, the police are investigating with overseas related organizations and do not rule out that overseas people may be cheated.

Li Gui, a well-known network security expert in the world, said that the fake tricks of fake website fraud are simple and bad. The following are the following techniques: first, apply for a similar name web site; secondly, use simple web pages to create knowledge to create a homepage similar to the website; third, mass mail or users search the web site when the users mistake the fake website; finally, induce the user to enter the credit card user name and password, after stealing the account, pfer the stolen money or change the address telephone of the user, then re apply for the new credit card and so on, and so on. In the first place, the application of the fake website is made by using the simple web page to create a homepage. In the end, the user will enter the credit card user name and password when the user searches the website. Finally, after stealing the account, the user will be pferred to the bank to steal the money or change the address telephone of the user. Then, he will apply for the new credit card again.

Guo told reporters that this is not the hacker technical behavior of sniffer and server buffer to crack the credit card password.

As the latest fake website case is still under investigation, the specific way of committing a crime is unknown.

But from the two cases provided by the Hongkong police and the HKMA to reporters, the whole method of committing crimes is just as Guo Yaoqi said: it is very simple.

The first case happened in Citibank.

In August, in the name of Citibank Hongkong branch, a fake email was sent to the bank's customers and other citizens. It was said that the bank needed to update the data to ask the customer to log on to another website.

But this is actually a fake website. The purpose of committing a crime is to seize the customer's full name and bank card information, and then seek opportunities for profits.

Another case happened in Hongkong Bank of East Asia.

Around September 20th this year, the Bank of East Asia continued to receive complaints from users, claiming that it could not be extracted after deposit on the Internet, requiring beb to explain and make compensation.

After investigation, the Bank of East Asia found that these complaints users actually did not deposit through the bank's website. Instead, they mistakenly went to an online bank which was very similar to the Bank of East Asia's website. The online bank was named www.EastAsiaCredit.com, and the "EastAsiaCredit" was very similar to the name "EastAsiaCreditCompanyLimited" of the Bank of East Asia's former Affiliated Companies East Asia Credit Ltd., which resulted in some customers mistaking the website as the electronic home page of the Bank of East Asia.

In fact, the Bank of East Asia's former Affiliated Companies "East Asia Credit Limited" was merged with Bank of East Asia as early as the end of May this year. Even before the merger, the Bank of East Asia Group said that it had never allowed "East Asian Credit" to set up a website to receive public Internet deposits.

Besides, in October 16th this year, the Hongkong police prosecuted 3 men and 1 women for suspected Internet banking fraud.

According to the information provided by the police, the suspects obtained bank customer information illegally by means of illegal means on August 6th and 7, and opened 13 online banking accounts to a local main bank with the information. After that, 9 of the 13 internet bank accounts were pferred illegally to 55000 yuan for a false bank account, and then withdrawals were made from ATM or to the banking business hall.

The Hongkong monetary authority has a 7 person expert group responsible for overseeing all electronic banking in Hongkong.

Li Lingxiang, assistant chief executive of the Banking Development Department of the HKMA, said in an exclusive interview with our reporter on the 12 day that the newly revised electronic banking regulatory guidelines of the HKMA will be formally completed by early next year, including the latest regulatory experience of the international banking industry, especially for more and more new forms of bank fraud and the recent counterfeiting website events.

A number of fraudulent cases involving fake e-mails or websites have been reported overseas. The use of false e-mails or websites to deceive bank customers reveals their electronic banks' access to personal data such as names and passwords. It reminds customers of electronic institutions that their authorized agencies or their agents or business partners will never require customers to provide sensitive account information, such as personal passwords and other passwords, and provide some ways for e-banking customers to ensure that their linked websites are official websites of authorized institutions, if they are not linked to e-bank websites in the form of hyperlinks attached to e-mail; regularly search the Internet to check whether there are third party websites whose domain names may be mistaken for accreditation bodies, or whether websites have links to the websites of authorized institutions. Mr Lee said that as early as May 20th this year, the HKMA issued a circular to all accredited e-banking institutions: to remind them to pay attention to the near future.

Despite this, fake websites continue to appear.

Li Lingxiang acknowledged that the biggest difficulty in regulation is the regulation of illegal counterfeiting websites abroad.

"Since May, the HKMA has strictly requested every bank to search suspicious websites every day. If we find counterfeit websites in the first place in the United States, we can eliminate websites directly from the Internet through our electronic banking team members in the United States, but if we find fake websites in countries such as Ukraine or Russia, we can only issue warnings and hand them over to the police."

Li Qiang said that if there is an illegal registration of domain names in Hongkong, similar to XXBANK.COM, the HKMA will investigate and monitor the existence of illegal purposes through the Hongkong domain name registration company.

Mo Naiguang, President of the Hongkong information technology commerce association, expressed concern about the ability of the HKMA to prevent false websites.

I don't think banks and the HKMA will be able to educate customers to use the right websites.

"The registration of domain names will be more and more open, and the number of agencies with registered domain names is huge. It is difficult to find out the registered persons behind it. The HKMA and banks are always on the defensive."

Fortunately, our reporter learned from the responsible person in charge of information security of the China Banking Regulatory Commission yesterday that the CBRC has not yet received reports of fraudulent bank websites engaging in fraud.

The reporter then learned from a number of commercial banks in charge of online business that the implementation of fraud by Internet in Hongkong has aroused the vigilance of banks, and all banks have strengthened the management of network security.

In December 10th, the Bank of China's Hongkong fake website was in a false alarm. In December 10th, Bank of China announced that it had found a fake website: www.bocfund.com.

The company, which is based in Shenzhen, is a bank of China's mutual financial management company. Without authorization, it opened accounts for investors in the name of Bank of China International Group and traded in Hongkong and US securities. The website also used the abbreviation of the Bank of China "BOC" publicly.

On the 10 day, the reporter visited the website to see that the content of the website was written in simplified Chinese characters, which is totally different from the real bank of China website. The website has deliberately published some photos of some authoritative figures in finance and economics, such as Li Jiacheng, and has many links, including the website of the Li Jiacheng foundation, the first Shanghai securities company and the Tai Fu securities company. However, these companies have indicated that their links have not been authorized.

It is understood that the Bank of China Mutual Financial Registration in Hongkong in November 12th this year, the purpose is to introduce and analyze portfolio for investors, there are only more than 10 customers, most of them are Hongkong people.

Before the incident was revealed, the website asked investors to input information and claimed that they could open accounts for the Bank of China investment international group and buy and sell American stocks and Hong Kong stocks. According to the company profiles on its website, the company registered in Hongkong and the British Virgin Islands (BVI) with registration number: 870216.

At present, the company's financial objectives are to provide investors in Greater China (including mainland) with investment and financial services such as the Hongkong stock market (including the US listed China concept stocks) and the mainland Shanghai Shenzhen stock market legal person shares. There are also service categories for customers to open accounts and remittance addresses on the website, and the company's chief fund manager, named Chang Chang, is the founder of several mainland private equity funds.

However, the Hongkong Securities Regulatory Commission has publicly pointed out that the Bank of China mutual financing Limited is not a licensed corporation of the association, nor has any relationship with the Bank of China, so it has no right to provide investment services to its clients.

The website was closed at eight p.m. on the 10 night. In the webpage, the webmaster's message, known as "old horse knows the way," means that the website is being modified according to the relevant requirements.

Welcome friends to come back in a few days, "and so on.

11 days later, the newspaper reporter called the Bank of China on the reciprocal financial management of the original 24 hour hotline on the website. A company spokesman said the company had sent people to the Hongkong Securities Regulatory Commission and Bank of China on the evening of 10 to explain, and offered to rename, delete the "Bank of China" two words, and the website also temporarily suspended operation until the completion of the conversion procedure.

The spokesman stressed that the company was not cheating.

At present, there are three hundred thousand clients of Bank of China in Hongkong through Internet banking, but BOC Hongkong said the incident did not cause customer losses.