Solutions HKCERT urges the public to remain vigilant and never enter any information or make payments on suspicious websites. If you receive suspicious SMS messages or emails purporting to be from WSD, do not click on any links and do not provide personal or payment information. If you need to check your bill or make a payment, enter the official website address directly in your browser or use the official mobile application. To guard against related phishing attacks, please take the following measures: Avoid clicking links from unknown sources, especially messages that use urgent language such as “limited-time discount,” “arrears,” “water suspension,” or “fines.” Verify the website address first. Government departments’ official websites generally use the “.gov.hk” domain. If a URL appears suspicious, stop the operation and manually enter the official address in your browser. The official WSD website is www.wsd.gov.hk . Never enter sensitive information, such as identity card numbers or credit card details, on suspicious websites. For payments or bill enquiries, use official channels such as the official website or mobile application, or verify via the organisation’s official contact methods. Use the free search engine “Scameter” of Cyberdefender.hk to identify fraud and network traps by checking website addresses and IP addresses. If you have already entered your credit card details on a phishing website, you should: Immediately contact your bank or card issuer to freeze and replace the card and change the passwords for any related accounts. Monitor your transactions and retain evidence (e.g., screenshots, emails, transaction records, URLs) for follow-up. HKCERT has released its " Hong Kong Cybersecurity Outlook 2026 " report. It recorded 15,877 security incidents in 2025, with phishing attacks remaining the biggest threat, making up nearly 60% of all cases. To learn more about defending against phishing, visit: https://www.hkcert.org/publications/all-out-anti-phishing . Businesses or members of the public who wish to report to HKCERT on information security related incidents such as malware, phishing, denial of service attacks, etc. can do so by completing the online form at: https://www.hkcert.org/incident-reporting , or calling the 24-hour hotline at +852 8105 6060. For further enquiries, please contact HKCERT at hkcert@hkcert.org.