Hong Kong police to launch free software ‘V@nguard’ for businesses to fight phishing scams
- Project, developed with researchers at HKU, is aimed at SMEs, after such scams caused more than HK$1.4 billion in losses last year
- Data confidentiality will be ensured as software will run on companies’ servers, with no access for police and developers
Hong Kong police will launch free software for companies to filter suspicious emails in a bid to guard against phishing scams, which have caused more than HK$1.4 billion (US$180 million) in losses for most of 2021.
About 70 per cent of victims falling prey to phishing emails were small and medium-sized enterprises, according to police.
The total amount in losses came from more than 500 cases reported from January to November last year. While it was a drop from the HK$2.1 billion across 715 cases in 2020, scammers have become more brazen.
In one of the cases last year, fraudsters posing as senior staff members of an overseas-based parent company requested transactions of as much as HK$150 million.
“V@nguard”, a free software designed for SMEs, will filter emails from unrecognised accounts and notify users of risks with a warning banner. Such messages can then be manually labelled as “junk”, with all subsequent emails from the same source blocked on company accounts.
To avoid mislabelling, staff can create a list of “known senders” with the software, including external parties that they frequently communicate with.
The software is under project “e-GUARD”, developed jointly by the cybersecurity and technology crime bureau (CSTCB), the University of Hong Kong (HKU), the Hong Kong General Chamber of Commerce (HKGCC) and a group of SMEs.
“V@nguard” is written in the widely used programming language Python and is only available to companies using Linux-based systems when it launches next month, but it is expected to be available for all other platforms later.
As the software runs on each company’s individual server, neither police nor HKU developers will have access to information or the email system, but users can seek help through a hotline and a dedicated email.
“There will not be issues surrounding privacy, as all information will remain in the companies’ internal systems and the emails or messages will not be shared anywhere else,” said Professor Yiu Siu-ming from HKU’s computer science department.
Yeung Man-kin, chairman of the SMEs committee at HKGCC said: “It’s difficult for company staff to identify scam emails, as they receive a large amount of emails daily and may not be able to inspect each one carefully.”
Scammers often create email domains that differ slightly from the official address, which can be easily overlooked by staff who are already under pressure at work, according to Cheung Wai-ho, chief inspector at CSTCB.
Parts of the email addresses are replaced with similar-looking alphabets or numbers, for example, the letter “l” by the number “1”, or a capital “O” by the digit “0”, and vice versa. Accompanied with requests for “urgent reply” and “quick response”, staff are even more likely to fall victim to scammers.
“We won’t be charging for the software, it’s for the good of the public and SMEs to counter email scams,” Cheung added.
In light of the increasing number and complexity of such crimes, police will strengthen operations and cooperate with international bodies, including the Singapore-based Interpol Global Complex for Innovation, to protect internet users.
