Solutions Security Advice for the Public HKCERT reminds members of the public to: Carefully verify the full URL. The URLs of phishing websites are often very similar to those of official websites, but may differ slightly in spelling, word order or top-level domain. Users should carefully verify that the URL is correct before entering any information. Avoid clicking on unknown or unverified links. Whether a link comes from email, text message, social media, instant messaging platforms or search engine adverts, users should not click on it unless its authenticity has been confirmed. Do not enter personal or payment information on suspicious websites. If the source of a website is unclear, or if the domain name does not match the official website, users should not enter their name, telephone number, email address, credit card information, verification code or other sensitive information. It is advisable to enter the official website address directly in the browser. When making a restaurant reservation, users are advised to type the restaurant’s official website address directly into the browser, or to use a previously verified bookmark to access the relevant page. If in doubt, verify through the contact details listed on the official website. If users are unsure whether a reservation page belongs to an official website, they should first contact the restaurant using the contact details listed on its official website before deciding whether to proceed with the reservation or payment. If Information Has Been Submitted, the Following Actions Should Be Taken Immediately If members of the public suspect that they have entered personal information or credit card information on a suspicious website, they should take the following steps as soon as possible: Immediately contact the relevant bank or credit card issuer to report the incident and request appropriate protective measures; Closely monitor bank account and credit card transaction records to check whether any unauthorised transactions have occurred; Call the Hong Kong Police Force Anti-Deception Coordination Centre hotline “Anti-Scam Helpline 18222” for assistance; Retain relevant records, including website screenshots, text messages, emails, payment notifications and transaction records, for future follow-up or reporting purposes; Contact the Office of the Privacy Commissioner for Personal Data (the PCPD) for assistance. Businesses or members of the public who wish to report to HKCERT on information security related incidents such as malware, phishing, denial of service attacks, etc. can do so by completing the online form at: https://www.hkcert.org/incident-reporting , or calling the 24-hour hotline at +852 8105 6060. For further enquiries, please contact HKCERT at hkcert@hkcert.org .