Solutions HKCERT has found that fraudsters are using phishing websites under different themes to launch large-scale distributed attacks, combining tactics such as official impersonation, brand imitation, and social engineering to improve their success rate. In particular, for people who have already been scammed, fraudsters use fake ADCC websites and so-called professional teams, together with claims of being able to recover scammed funds, to carry out secondary scams and further steal money and sensitive data. The public should remain vigilant and must not trust any website or contact method claiming it can quickly or highly likely recover scam losses. If in doubt, always verify information through official channels to protect personal and financial security. Security Advice for the Public HKCERT reminds members of the public to: Carefully verify the full URL. Official government websites generally use the “.gov.hk” domain. The URLs of phishing websites are often very similar to those of official websites, but may differ slightly in spelling, word order or top-level domain. Users should carefully verify that the URL is correct before entering any information. Do not handle scam cases through instant messaging platforms. Official agencies generally do not instruct users via WhatsApp to recover money or transfer funds. Stay cautious of services claiming they can help recover money. Such services may be secondary scams. Avoid clicking on unknown or unverified links. Whether a link comes from email, text message, social media, instant messaging platforms or search engine adverts, users should not click on it unless its authenticity has been confirmed. Do not enter personal or payment information on suspicious websites. If the source of a website is unclear, or if the domain name does not match the official website, users should not enter their name, telephone number, email address, credit card information, verification code or other sensitive information. It is advisable to type the official website address directly into the browser. Avoid entering websites through search engine ads or unknown links. If Information Has Been Submitted, the Following Actions Should Be Taken Immediately If members of the public suspect that they have entered personal information or credit card information on a suspicious website, they should take the following steps as soon as possible: Stop all contact with the other party immediately; Do not provide any further personal or financial information; Immediately contact the relevant bank or credit card issuer to report the incident and request appropriate protective measures; Closely monitor bank account and credit card transaction records to check whether any unauthorised transactions have occurred; Call the Hong Kong Police Force Anti-Deception Coordination Centre hotline “Anti-Scam Helpline 18222” for assistance; Retain relevant records, including website screenshots, text messages, emails, payment notifications and transaction records, for future follow-up or reporting purposes. Businesses or members of the public who wish to report to HKCERT on information security related incidents such as malware, phishing, denial of service attacks, etc. can do so by completing the online form at: https://www.hkcert.org/incident-reporting , or calling the 24-hour hotline at +852 8105 6060. For further enquiries, please contact HKCERT at hkcert@hkcert.org .