Police have recently warned of a resurgence of online account hijacking scams, with 20 cases linked to phishing text messages on WhatsApp in the past week, resulting in total losses of up to HK$1 million.
Fraudsters send phishing messages impersonating WhatsApp's official security verification center, claiming that users' accounts have not been verified for an extended period.
Victims will then be prompted to enter a one-time 8-digit verification code, which is actually a new registration code for scammers to log into the victims' accounts from other devices.
With full control of the victim's accounts, the scammers will use the information to deceive the victim's friends and family for money. The scam can be difficult to detect unless the victims' contacts call to verify the user's identity.
Owing to the increasing trend, police urged the public to log out of connected devices regularly and avoid entering unfamiliar codes.
Additionally, they recommend enabling two-factor authentication and bookmarking frequently used websites instead of relying on search engine results.
The public is also advised to avoid connecting to public Wi-Fi, logging into accounts on public computers, disclosing passwords and verification codes, or scanning unknown QR codes.
Police encourage citizens to stay vigilant, confirm identities before responding to requests, and utilize the mobile application "Scameter+" if they have any doubts.
