LCQ9: Prevent technology crime
******************************

     Following is a written reply by the Secretary for Security, Mr Ambrose S K Lee, to a question by the Hon Wong Ting-kwong in the Legislative Council today (January 26):

Question:

     It has been reported that culprits of Internet commercial fraud have employed many different defrauding tricks and recently some culprits have even carried out fraud activities on fake web pages set up on popular social networking sites. According to the information provided by the Commercial Crime Bureau of the Police, a total of 505 Internet commercial fraud cases have been recorded in the first 10 months of 2010, representing a sharp increase of 58.3% as compared with that of the same period in the previous year. In this connection, will the Government inform this Council:

(a) whether there are fraud cases involving fake bank web sites among the aforesaid Internet commercial fraud cases; if so, of the total number of cases involving fake bank web sites on the Internet uncovered in the past three years and the main defrauding tricks used in such cases; what measures the authorities have to assist the detection of Internet commercial fraud committed by using ever-evolving information technologies and to assist members of the public in enhancing their ability to distinguish whether a web site is fake or not;

(b) whether the authorities have studied the causes for the aforesaid increase of nearly 60% in the Internet commercial fraud cases; if so, of the details; of the effective measures to combat such crimes; and

(c) in view of the sharp increase in the number of the aforesaid fraud cases, whether it has drawn up plans to educate members of the public to guard against Internet fraud or fraudulent acts; if so, of the details?

Reply:

President,

(a) The numbers of cases involving fake bank websites received by the Police between 2008 and 2010 are 6, 10 and 22 respectively. The usual defrauding trick of swindlers is that they would make use of fake bank websites to obtain login accounts and passwords of Internet banking account users. The Police have maintained figures of cases involving fake bank websites in a separate category and therefore, they are not included in the figures of general Internet commercial fraud.

     In order to enhance the security of Internet banking as required by the Hong Kong Monetary Authority (HKMA), the banks in Hong Kong had implemented the "two-factor authentication" since end of June 2005 to verify the identity of a customer conducting high-risk Internet banking transactions. In addition, to further strengthen the security of Internet banking, the HKMA issued a circular in July 2009, requiring banks to enhance relevant security measures, including to notify their customers immediately via effective means (for example SMS messages on mobile phones) the details of a high-risk Internet transaction after the transaction has been conducted. As regards education to customers, banks are required to provide customers with easy-to-understand security tips on Internet banking.

     In addition, the Police, the HKMA, the Hong Kong Association of Banks, individual banks and the information technology sector maintain close co-operation, for example, by holding e-banking security sub-committee meetings on a regular basis, enhancing information exchange and establishing a notification mechanism to prevent and combat Internet banking crimes. To enhance public awareness of Internet banking security, they also jointly organise public education activities, including issuing educational leaflets and posters as well as spreading the message through the programme "Police Magazine".

     Members of the public should stay vigilant when using Internet banking services. They should never access their bank accounts through hyperlinks embedded in e-mails, suspicious pop-up windows or other doubtful channels. They should connect to their bank website through typing the website address in the address bar of the browser or by bookmarking the genuine website for access. If in doubt, they should contact the bank concerned immediately to verify the authenticity of the website. If a fake bank website is found, they should report it to the Police or the HKMA. The department or organisation concerned will disseminate information to the media to alert the public if necessary.

(b)&(c) The Police believe that the increase in Internet commercial fraud cases is related to the growing popularity of Internet auction and e-shopping. Among the Internet commercial fraud reports received by the Police in the first ten months of 2010, 405 cases involve Internet auction or e-shopping which account for 80% of the total figure. The commonest trick used by swindlers is that they fail to deliver goods after receiving online payment from buyers. Recently, there have also been cases in which swindlers, disguising themselves as staff of Mainland banks, claim that a payment has been made by the buyer concerned in order to deceive the seller in delivering the goods.

     To prevent and combat such crime more effectively, the Police have set up a task group to investigate Internet auction fraud cases. In addition to strengthening the relevant intelligence analysis, the Police have taken a number of law-enforcement actions to combat such crimes. Moreover, the Police have taken the initiative to contact major Internet service providers and inserted publicity messages in relevant websites to enhance the awareness of those who take part in Internet auctions or e-shopping. The Police have also produced videos on the common tricks employed by swindlers for broadcast in the programme "Police Magazine".

     To strengthen the publicity and education work in relation to Internet commercial fraud as well as other forms of technology crime, the Police set up the "Technology Crime Prevention Unit" in 2009. The Unit has maintained close co-operation with the "Hong Kong Computer Emergency Response Team Co-ordination Centre" and "Office of the Government Chief Information Officer", and assists enterprises, in particular small and medium-sized enterprises, to enhance their knowledge in information security. It also organises, in collaboration with the above two organisations, major publicity campaigns on technology crime prevention, including the "Hong Kong Clean PC Day" held on November 24, 2010, to educate the public about Internet defrauding tricks and the necessary security measures to be adopted for e-shopping.

     Moreover, the Junior Police Call and the Police School Liaison Officer organise regular talks in schools on prevention of technology crimes, so as to promote good surfing practices among young people and to prevent them from committing crimes or becoming victims of technology crimes.

     The Police will continue to formulate education and publicity programmes having regard to the trend of technology crimes. They will also review the effectiveness of related measures from time to time and make adjustments in the light of any changes in the modus operandi of such crimes.

Ends/Wednesday, January 26, 2011
Issued at HKT 14:47

NNNN