Advertisement
Advertisement
Scams and swindles
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
Irish Geronimo fell victim to a phishing scam. Photo: Edmond So

Hong Kong sees sharp rise in phishing scams, as victims reveal personal data after receiving ‘SMS from the bank’

  • Cathay flight attendant who lost HK$83,000 from HSBC account hopes to get her money back
  • Hong Kong Monetary Authority warns public to beware of hyperlinks in messages apparently sent by banks

Cathay Pacific flight attendant Irish Geronimo, 29, was panic-stricken when her bank sent a text message saying about HK$83,000 (US$10,640) of her hard-earned savings had been transferred to a stranger.

The bad news arrived hours after she clicked on an embedded hyperlink in a text message which appeared to be from her bank, HSBC, but was actually sent by a scammer.

She realised she had fallen victim to a phishing scam. “I am still traumatised,” she said. “At that time I didn’t know what to do.”

‘I was stupid’: how phone scammers cheat their Hong Kong victims of millions

Geronimo, a Hong Kong resident from the Philippines, is among those tricked by phishing – when scammers get people to provide personal data which is then used to steal from their bank accounts.

According to the Hong Kong Monetary Authority, 111 bank customers lost a total of HK$22 million in the first half of 2021, compared with no cases last year.

Irish Geronimo is one of the lucky ones, she may get her money back. Photo: Edmond So

As of June 18, police had received 51 reports about phishing scams involving fraudulent bank websites resulting in losses of HK$10 million. In the largest single case, the victim lost HK$880,000.

Banks also detected 169 cases of suspicious websites, mobile applications, and phishing text messages and emails in the first half of this year, up 145 per cent from 69 in the first half of last year.

The monetary authority reminded the public to beware of any hyperlinks purportedly sent by banks and to keep passwords, and internet banking login credentials, safe.

Geronimo told the Post she was tricked at around midnight on June 10, when she was in quarantine at a Lantau hotel after a flight from the United States.

A text message arrived, purportedly from HSBC, saying: “A new payee has been added today. If this was not you, visit: auth-hk-payments.com.”

Money lost in romance scams jumps 140 per cent: Hong Kong police

She said that as she “hadn’t added any new payee, I was freaked out and clicked the link”.

She was then told to input her personal information, including her e-banking login, password and a one-time verification code – which she did.

However, at around 1pm that day, HSBC informed her that HK$83,000 had been transferred from her account via two online transactions.

“I immediately called HSBC, but it took me 20 minutes to get through to someone and by then, it was too late,” she said.

The bank officer told her the fraudulent transactions had been approved and nothing could be done. She was advised to call police.

“I was so angry. I was crying alone in my hotel,” she said.

She went to the bank as soon as her quarantine ended, but was told an investigation was in progress and would take weeks.

It was not until July 13 the bank finally told her it knew who had tricked her – another HSBC account holder.

The bank froze the account and police are investigating.

Earning just around HK$12,000 a month amid the coronavirus pandemic, Geronimo said she was still repaying a student loan for a diploma course at Tung Wah College, on top of her monthly rent of HK$5,000.

On Thursday, a day after the Post asked HSBC about the case, Geronimo said the bank contacted her to tell her it could advance her the full sum she had lost, but she would have to repay it if the scammer returned the cash or a court approved returning the money to her.

“This is good news to me,” she said.

Police in Hong Kong, Macau break up syndicate suspected of swindling 17 women

A spokesman for HSBC said it had communicated promptly with Geronimo and offered support. “The issue has been resolved,” he said.

He urged customers to be vigilant and keep their details private, pointing to a rising number of scams using popular messaging services to target victims with instructions that appear to be sent by banks.

“HSBC will never send an SMS or email with embedded hyperlinks to direct customers to conduct transactions or ask for sensitive personal information,” he said.

9