Hong Kong Security Watch Report (Q4 2022)


Reference from hkcert.org.


Tips for Safe Online Shopping

  1. Don’t click on any links or attachments from an unknown sender. Always enter the URL of the online shopping platform directly in your browser or use bookmarks. Check the legitimacy of links and emails: for example, look for spelling and grammatical errors in the URL, and consider whether the sender is trustworthy. If the website does not use HTTPS for encryption, be careful and do not provide sensitive information.
  2. Change the account password of the online shopping platform regularly. Use different passwords for different accounts to prevent a cascading impact if one of them is compromised.
  3. Enable multi-factor authentication to enhance account security.
  4. Place orders or check order status from the official website or mobile app only.
  5. If you receive a suspicious email or instant message, verify the details through official channels. Do not provide sensitive information to an unknown sender.
  6. Check your online payment records regularly for suspicious transactions.
  7. Verify the social media page of an online shop by using the social media verification badge function (such as the Blue Badge on Facebook and Instagram).
  8. Use the anti-phishing feature in web browsers to help block phishing attacks.
  9. Use the free search engine “Scameter” of Cyberdefender.hk to identify frauds and online pitfalls through email, URL or IP address, etc.



Security Advice

Malicious email is one of the channels through which AgentTesla spreads, and different variants of AgentTesla have already appeared on the Internet. HKCERT therefore recommends that users:

  1. Always keep the system, software, and antivirus software up to date.
  2. Do not open unknown files, web pages and emails.
  3. Confirm the legitimacy of the sender and the content of the email before opening the attachments and links in the email.
  4. Check the file extension to avoid being misled by the file name. Do not open any executable file or Microsoft Office file with macros obtained from an unknown source.
    1. Executable file extensions: .exe, .vbs, .js, .bat, .msi, .ps, .psc1, .cmd, .wsf, .jar, .reg, etc.
    2. Microsoft Office macros can be contained in all kinds of Office files (e.g. .doc/.docm, .xls/.xlsm, .ppt/.pptm). Users are advised to disable auto-run for all macros in the security settings.
  5. Use password management tools to manage passwords instead of storing them in browsers.
  6. Use lower-privileged accounts for daily use instead of system administrator accounts.
  7. Set up “multi-factor authentication” (MFA) to enhance account security.
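
The file extension check in item 4 can be automated at a mail gateway or help desk. The following is an added example, not part of the HKCERT advisory: it reads the real (last) extension, flags a harmless-looking extension placed before an executable one, and looks inside Office containers for a VBA project. The executable list is the advisory's; the decoy list, finding labels and function names are assumptions made for illustration.

```python
import io
import zipfile

# Executable extensions as listed in the advisory (leading dots normalised).
EXECUTABLE = {".exe", ".vbs", ".js", ".bat", ".msi", ".ps", ".psc1",
              ".cmd", ".wsf", ".jar", ".reg"}
MACRO_ENABLED = {".docm", ".xlsm", ".pptm"}   # macro-enabled Office formats
LEGACY_OFFICE = {".doc", ".xls", ".ppt"}      # binary formats that may carry macros
# Assumption: extensions commonly used as a harmless-looking decoy before the real one.
DECOY = {".pdf", ".txt", ".jpg", ".png", ".docx", ".xlsx"} | LEGACY_OFFICE


def has_vba_project(data: bytes) -> bool:
    """True if data is an OOXML (zip) container holding a vbaProject.bin part."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())


def inspect_attachment(filename: str, data: bytes = b"") -> list:
    """Return findings for one attachment; an empty list means nothing was flagged."""
    findings = []
    # Windows ignores trailing dots and spaces, so drop them before reading the extension.
    parts = filename.rstrip(" .").lower().split(".")
    ext = "." + parts[-1].strip() if len(parts) > 1 else ""
    if ext in EXECUTABLE:
        findings.append("executable-extension")
        if len(parts) > 2 and "." + parts[-2].strip() in DECOY:
            findings.append("double-extension")
    if ext in MACRO_ENABLED:
        findings.append("macro-enabled-extension")
    if ext in LEGACY_OFFICE:
        findings.append("legacy-office-format")
    if data and has_vba_project(data):
        findings.append("contains-vba-project")
    return findings


def build_sample_ooxml(with_macro: bool) -> bytes:
    """Constructed sample: a minimal zip shaped like an OOXML file (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()
```

The content check only covers zip-based Office formats; legacy .doc/.xls/.ppt files are flagged by extension alone because their macros live in a different container format.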

