New twist to Hong Kong dog meat sales scam as police find buyers of other products cheated, including man duped out for HK$415,000 over HK$25 instant noodles
- Police say scammers deceived customers buying other products by urging them to download Android app for placing orders which allowed them to control users’ phones
- Man responded to instant noodle advert on Facebook and transferred HK$25 through app’s fake banking page, before finding HK$415,000 had been stolen from him
A scam involving the sale of dog meat has taken a new turn after a Hong Kong police probe found that at least nine customers buying other products were duped out of HK$1.36 million through the same app, including a man who lost HK$415,000 after trying to purchase HK$25 instant noodles.
Police revealed their latest findings on Monday after authorities launched an investigation a day earlier into an online trader on Facebook claiming to sell dog meat – illegal in Hong Kong – following a public outcry over the adverts. Officers said there was no evidence to suggest dog meat had been sold or delivered so far.
The force, however, said it had received 11 reports of suspected scam cases involving the use of the app from mid-September to Sunday. Nine victims who tried to buy other products incurred losses ranging from HK$9,000 to HK$415,000, with more than HK$1.36 million taken in total.
Hong Kong authorities probe suspected sale of dog meat amid uproar over advert
Chief Inspector Lau Ngo-chung said the scammers deceived customers by urging them to download an Android app – Trojan horse malware – for placing orders.
He said the app required users to agree to terms and conditions that allowed scammers to control the buyer’s phone, divert victims to a fake banking login page, and trick them into entering their name and password when ordering products, ranging from food to travel packages and car rentals.
“The scammers can remotely control buyers’ phones even if they are on a blank screen. They then utilise the information they entered to access their real bank accounts to transfer their funds away,” Lau said.
Early this month, a man in his sixties responded to an instant noodle advert on Facebook and transferred HK$25 through the app’s fake banking page, before finding HK$415,000 had been moved to another local bank account that day and the next. He later made a report to police.
The force said those who failed to download the app, which was only available for Android phones, were asked to pay HK$30 to a Faster Payment System (FPS) number linked to a local animal shelter and the scammers would cut off contact.
It said the charity had reported the case and had nothing to do with the scam.
Hong Kong shop investigated over suspected sale of cat, dog meat for food
“Scammers who were previously attracting customers with low prices and installing a malicious app, changed to using the sale of suspected dog meat as a cover to create a public noise,” said Ip Cheuk-yu, acting superintendent of the cybersecurity and technology crime bureau.
“We believe the scammers aimed to attract animal lovers to engage with the ‘sellers’ and lure them into attempting to download the app to trace their identities.”
The Hong Kong Homeless Dog Shelter’s co-founder Angela Chan said she was aware of the false rumours and that the charity’s FPS number had been used by someone else.
“We hereby state that the Hong Kong Homeless Dog Shelter has never sold or traded dog meat,” the charity said.
The slaughter and sale of dog and cat meat – and its use for food – is illegal in Hong Kong, with offenders facing up to six months in prison and a maximum fine of HK$5,000.
The force urged residents not to click on unknown links to download apps and not to grant unreasonable permissions to apps, as well as to restore the phone to its factory settings if there was any suspicion of installing malicious code.
Francis Fong Po-kiu, honorary president of the Hong Kong Information Technology Federation, warned it was extremely dangerous to download Android apps through unknown links given the relatively new scam tactic.
“People tend to omit the information on what access will be granted when downloading an Android app. But once you downloaded it, it is too late as the scammers gain full access,” Fong said.
Meanwhile, Bank of China (Hong Kong) temporarily disabled the screenshot and screen recording functions for personal and business mobile banking on Android devices on Monday to prevent hackers from gaining control of mobile gadgets for illegal purposes, following similar action by HSBC Hong Kong a few days ago.
Indonesia’s brutal meat market shuts, but some locals insist ‘no dog, no fun’
Fong said the vulnerability of the Android system to malicious software threats lay in the fact that users could download apps without going through Google Play, increasing the risk of unintentionally downloading Trojan codes.
“If a user accidentally downloads apps with a Trojan horse, hackers can remotely monitor the activities of Android phone users, including capturing every keystroke such as entering text or symbols. Even if the passwords are protected with asterisks, the hackers are still able to trace them,” Fong said.
“Keeping screen grabs from your banking app on the device is no longer safe.”
He added apps for Apple’s iOS had to be downloaded through the App Store and no external programs were allowed, resulting in very few instances of malicious software infiltrating the system.
He added hackers could exploit the Trojan program to open SMS messages and view one-time passwords, subsequently deleting them without leaving any trace and putting users at risk of having their online bank accounts compromised without any evidence to trace back to the thieves.
