Skip to content

Media Statements

Media Statement - Privacy Commissioners Office Urges the Public to Guard againstPhishing Websites and Fraudulent SMS Messages

Date: 21 March 2023

Privacy Commissioner’s Office Urges the Public to Guard against Phishing Websites and Fraudulent SMS Messages

As the society resumes normalcy, many citizens have begun to travel abroad. The Office of the Privacy Commissioner for Personal Data (PCPD) noted recent reports on a phishing website which claimed to provide submission service of electronic entry permit applications to a foreign government, with a view to swindling personal data, including credit card information, and money out of citizens in the process of declaring health conditions. In addition, the PCPD noted that some members of the public had recently received SMS messages allegedly issued by the HKeToll and several membership reward schemes (including CMHK MyLink, HKT The Club, MoneyBack, SmarTone, yuu), falsely claiming, respectively, that they could access the HKeToll website or there were reward points that were about to expire, thereby inducing citizens to click on the embedded hyperlinks that were used to obtain citizens’ personal data, including credit card information, and money.
In this regard, the Privacy Commissioner for Personal Data (Privacy Commissioner), Ms Ada CHUNG Lai-ling, reminds members of the public to be cautious of phishing websites and fraudulent SMS messages. The Privacy Commissioner offers five tips to safeguard personal data privacy:
  1. Be vigilant: If there is a website or SMS message that solicits your personal data, including your name, Hong Kong Identity Card number, or even bank account or credit card number, you should think twice, find out the purpose of collection of such data and whether it is mandatory to provide it. Do not click on hyperlinks in unknown SMS messages, emails or webpages, and avoid visiting any suspicious websites or downloading attachments therein;
  2. Visit official websites: Governments of other jurisdictions will publish details regarding entry requirements on their official websites. Members of the public should visit the official websites directly for reliable information when they apply for entry permits. Similarly, the HKeToll and membership reward schemes will also provide the official login channels on their official websites or mobile apps. If you are in doubt about the authenticity of any SMS message, do not click on the link in the suspicious message. Instead, visit the official websites or mobile apps directly to ascertain the particulars of the HKeToll or login to your account to check your reward points or expiry dates;
  3. Keep an eye on your accounts and transactions: Monitor your online banking accounts or membership reward schemes’ accounts from time to time, watch out for any unusual login records of your accounts and personal emails, and pay attention to any unauthorised transfers or transactions in your bank accounts or credit card accounts;
  4. Protect your passwords: Change the passwords of the accounts of your membership reward schemes from time to time and activate the two-factor authentication feature (if any), and never disclose passwords to anyone; and
  5. Fraud prevention information: Pay attention to fraud prevention messages published by the PCPD, the Police or relevant organisations to guard against phishing websites or fraudulent SMS messages.
The PCPD has already set up a “Personal Data Fraud Prevention Hotline” 3423 6611. Members of the public are welcome to call the hotline to make enquiries or complaints if they encounter any suspected data scam.