Security Corner

It’s not enough just to be alert to online security issues – we also need to install comprehensive anti-virus software and use a reliable email provider to ensure important information is kept safe.

Security Corner
  • Security Notification
    Security Reports
    Date
    Type
    Incident
    22 April, 2022
    phishing email
    A phishing email claiming to be sent from NETVIGATOR. The phishing email alleged that customer's auto payment is failed and the payment information is needed to be updated. Fake hyperlinks are provided in the emails, tricking the recipients into providing their credit card information.
    26 May, 2021
    Bogus call
    A bogus telephone call pretending to be NETVIGATOR staff, advising abnormal situation on the router has been found, their email service needed to be reactivated, abnormal usage on their Internet service has been detected, or that their network or their NETVIGATOR account has been hacked.
    14 April, 2021
    Bogus website
    Bogus online activities purporting to be organised by HKT
    12 March, 2021
    phishing email
    A phishing email claiming to be sent from NETVIGATOR. The phishing email alleged that customer's auto payment is failed and the payment information is needed to be updated. Fake hyperlinks are provided in the emails, tricking the recipients into providing their credit card information.
    27 January, 2021
    Phishing SMS
    A phishing SMS claiming to be sent from NETVIGATOR. The phishing SMS alleged that the recipients had paid NETVIGATOR monthly fees twice and informed them to follow certain steps for refund.
    9 November, 2020
    Bogus website
    Bogus online activities purporting to be organised by NETVIGATOR, misleading netizens to answer a few questions and to disclose certain personal information in order to win a prize
    19 October, 2020
    Bogus website
    Bogus online activities purporting to be organised by NETVIGATOR, misleading netizens to answer a few questions and to disclose certain personal information in order to win a prize
    19 August, 2020
    Bogus website
    A bogus online survey purporting to be organised by NETVIGATOR, misleading netizens to answer a few questions and to disclose certain personal information in order to win a prize
    27 July, 2020
    phishing email
    Summary of the Bill
    20 July, 2020
    Bogus website
    A bogus online customer reward program purporting to be organised by NETVIGATOR, misleading netizens to answer a few questions and to disclose certain personal information in order to win a prize
    15 July, 2020
    Bogus call
    A bogus telephone call pretending to be NETVIGATOR staff, advising customers that abnormal usage on their Internet service has been detected, or that their network or their NETVIGATOR account has been hacked. Thus, misleading to provide certain personal information.
    28 May, 2020
    Bogus website
    A bogus online survey purporting to be organised by NETVIGATOR, misleading netizens to disclose their personal information for receiving a prize
    5 May, 2020
    Bogus website
    A bogus online customer reward program purporting to be organised by NETVIGATOR, misleading netizens to answer a few questions and to disclose certain personal information in order to win a prize
    14 April, 2020
    Bogus website
    A bogus online customer reward program purporting to be organised by NETVIGATOR, misleading netizens to answer a few questions and to disclose certain personal information in order to win a prize
    22 February, 2020
    Bogus website
    A bogus online customer reward program purporting to be organised by NETVIGATOR, misleading netizens to answer a few questions and to disclose certain personal information in order to win a prize
    7 February, 2020
    Bogus website
    A bogus online customer reward program purporting to be organised by NETVIGATOR, misleading netizens to answer a few questions and to disclose certain personal information in order to win a prize
    11 Oct, 2019
    Bogus website
    A bogus online campaign purporting to be organised by NETVIGATOR, misleading netizens to pay for receiving a prize
    30 Sep, 2019
    Bogus website
    A bogus online customer reward program purporting to be organised by NETVIGATOR, misleading netizens to answer a few questions and to disclose certain personal information in order to win a prize
    15 May, 2019
    Bogus website
    A bogus online lucky draw campaign purporting to be organized by NETVIGATOR has gone live online, misleading netizens to disclose their personal information to win a prize
    22 March, 2019
    phishing email
    You Have 6 Undelivered Messages
    7 March, 2019
    phishing email
    WARNING: NETVIGATOR OVERDUE Bill for Mar 2019
    14 January, 2019
    phishing email
    NETVIGATOR Monthly Bill for Jan 2019
    18 December, 2018
    phishing email
    URGENT : Netvigator - Payment Notice
    12 November, 2018
    phishing email
    Mandatory account update
    22 October, 2018
    ransom email
    Your mailbox is hacked
    24 August, 2018
    phishing email
    URGENT: Account notification
    12 August, 2018
    phishing email
    You 1 New Message
    13 July,2018
    phishing email
    URGENT: NETVIGATOR Service - Payment Notice
    28 June, 2018
    phishing email
    MyHKT Refund.
    13 June, 2018
    phishing email
    URGENT : Suspicious Netvigator Account Activity!
    6 June, 2018
    phishing email
    您 的 电子邮件 被 封锁
    23 April, 2018
    phishing email
    Hkstar重要电邮更新
    11 April, 2018
    phishing email
    BizNetvigator Monthly Bill for Apr 2018
    15 January, 2018
    phishing email
    Two Pending Incoming Messages
    2 November, 2017
    phishing email
    Suspicious Activity on your Netvigator Profile or Account(s)
    14 September, 2017
    phishing email
    NETVIGATOR - OVERDUE PAYMENT NOTICE
    12 September, 2017
    phishing email
    Your mailbox will be deactivated soon
    25 August, 2017
    phishing email
    Email Alert!! attempted to change your password
    28 July, 2017
    phishing email
    no subject
    18 July, 2017
    phishing email
    Important account information
    3 July, 2017
    phishing email
    Email Advocacy Report
    29 June, 2017
    phishing email
    URGENT: NETVIGATOR Service - Payment Notice
    17 June, 2017
    phishing email
    NETVIGATOR - Credit card autopay rejection
    3 June, 2017
    phishing email
    Your email is blocked!!
    2 June, 2017
    phishing email
    1 New Notification
    23 May,2017
    phishing email
    邮箱立即取消注册
    15 May, 2017
    phishing email
    Payment failed !
    8 May, 2017
    phishing email
    NETVIGATOR - Credit card autopay rejection
    3 May, 2017
    phishing email
    Accout Verification Required
    1 May, 2017
    phishing email
    NETVIGATOR : Settle your bill to avoid service interruption
    21 April, 2017
    phishing email
    NETVIGATOR - Credit card autopay rejection
    18 April, 2017
    phishing email
    Email Deactivation
    10 April, 2017
    phishing email
    Your Bill as at 28 Mar 2017
    6 April, 2017
    phishing email
    Your Bill as at 27 Mar 2017
    5 April, 2017
    phishing email
    Mail Verification Alert!!
    30 March, 2017
    phishing email
    Please, update your personal information
    21 March, 2017
    phishing email
    Email Notice
    8 March, 2017
    phishing email
    Email Account Deletion
    8 March, 2017
    phishing email
    eAlert
    3 March, 2017
    phishing email
    Upgrade your inbox
    21 February, 2017
    phishing email
    Storage Warning
    20 January, 2017
    phishing email
    000
    20 January, 2017
    phishing email
    URGENT: Autopay rejection !
    15 January, 2017
    phishing email
    UPDATE YOUR BILLING
    10 January, 2017
    phishing email
    The transfer has failed.
    9 January, 2017
    phishing email
    Upgrade Notification
    2 January, 2017
    phishing email
    Update required - Netvigator account on hold.
    30 December, 2016
    phishing email
    The transfer has failed.
    16 December, 2016
    phishing email
    Your latest Bill cannot be processed
    15 December, 2016
    phishing email
    Your monthly bill for NETVIGATOR service has been issued
    5 December, 2016
    phishing email
    My Account
    3 December, 2016
    phishing email
    Your latest Bill cannot be processed
    11 November, 2016
    phishing email
    Your Business Netvigator Access Is About To Expire! 08/11/2016
    5 November, 2016
    phishing email
    URGENT: Autopay rejection , avoid suspension of service !
    5 November, 2016
    phishing email
    Warning Your Email xxx@netvigator.com is running low
  • Beware of phishing email
    An alert from NETVIGATOR: Beware of phishing email

    Our attention has been drawn to phishing emails apparently from HKT, NETVIGATOR or My HKT.

    Phishing email makes false statements such as suggesting the recipient’s monthly NETVIGATOR subscription remains unpaid, or that his/her mailbox is full. Requests can include supply of credit information, while fake hyperlinks trick recipients into providing their NETVIGATOR login names, passwords or credit card information. Please note that hyperlinks in phishing email and the sender’s actual email address will differ from those used by NETVIGATOR.

    Such emails were NOT sent by us. We would never ask for a customer’s credit card information or other personal data via email.

    NETVIGATOR Customer Service: custserv@netvigator.com

    NETVIGATOR’s customer service email address is “NETVIGATOR Customer Service: custserv@netvigator.com” as above. If you receive an email purporting to be from NETVIGATOR, it must carry this address. If it does not, then it is almost certainly bogus. If you receive a suspicious email claiming to be from NETVIGATOR, please do not reply, do not click on the links provided, nor download any attachment. Instead, report it to us at pmaster@netvigator.com. Alternatively, you can contact us via Online Live Chat, or call the consumer service hotline on 1000. We will investigate immediately.

    What is phishing email?

    This is a form of fraud by which an attacker masquerades as a reputable entity in order to obtain your personal information. Phishing email usually includes attachments, software or an upgrade program containing a virus or spyware. It can also include a link to a fake website to trick you into divulging information such as account IDs and passwords. A victim’s PC can even be used as a “zombie computer” to attack other users’ devices, with often disastrous consequences.

    Destructive power

    Cybercriminals pose as reputable entities and send email designed to trick users into clicking on a malicious link. The idea is to cheat a user into divulging account IDs, passwords, name, address, telephone number or credit card information – all to be used for fraudulent purposes.

    Some cybercriminals use an innocent user’s infected computer to send out phishing emails. Such infections can be caused by a virus, Trojan horse or malware. This often results in a user’s email provider having its server blacklisted, which can cause serious delays in delivery because several days can pass before a blacklisting is reversed.

    phishing
    How to identify phishing email

    Phishing messages are made to look as if they come from a reputable organization and often carry an attractive prospect in the subject field, while others appear to be from a government agency or bank. It is therefore essential to learn how to identify phishing email.

    Prevent phishing email
    Install an anti-virus software

    Reliable anti-virus software is designed to detect and deal with most kinds of phishing email, as well as viruses, spyware, malware and Trojans. Such software should be installed on all Internet devices such as mobile phones and tablets.

    Select a reliable email provider

    Some free webmail services do not provide comprehensive protection, so it’s important to use a reliably safe email service in order to reduce the risk of spam and phishing messages being received. A safe email service should provide spam filtering and anti-phishing functionality. Some reputable email services filter malicious email that contains virus-bearing attachments or phishing hyperlinks.

    Activate spam-filtering functionality

    NETVIGATOR email service verifies a sender’s IP address and domain name. Its “Enhanced Junk Filter” feature aims to block spam and phishing emails. It automatically sends them to spam folders to minimize email-based hacker attacks.

    spamFilter
    Use a disposable email address

    NETVIGATOR also provides a “disposable email address” feature that allows you to create up to 20 disposable email addresses. This aims to prevent leakage of genuine email addresses and reduces the likelihood of phishing email being received.

    Change your email password frequently

    You should change your email password periodically – and use a different password combination to register for online services. This can reduce the risk of your account being hacked.

    Never open suspicious emails or attachments

    If you suspect you have received a phishing email, do NOT click on any link or attachment. Remember, you can always make a quick call to verify authenticity. You can also seek assistance from your email service provider.

    And if you receive an email asking you to verify your personal or account information – such as by revealing passwords, online banking login information, or credit card numbers – resist any temptation to comply.

    Click here to find out more information on Email Scam.

    Please contact us if you suspect someone posing as NETVIGATOR has sent you email. Simply report it to pmaster@netvigator.com and we will act immediately. You can also contact us via the online Live Chat service, or call the PCCW Consumer Service Hotline on 1000.

  • Beware of ransomware
    An alert from NETVIGATOR: Beware of ransomware

    Cybercriminals make money by using viruses to pose threats to systems and files – and ransomware has become one of the most common such scams. A characteristic is that it does not damage a victim’s computer data immediately. Instead, it encrypts data using high-spec methods and denies access to the owner. A ransom is demanded if the user wants access to his/her own data.

    Bank-level encryption

    Common ransomware employs bank-level encryption methods similar to those used in online transactions. Encryption and decryption keys are different, so even though the encryption key might be found on a victim’s computer, decryption cannot be guaranteed. A key could be as long as 1024 or even 2048 bits, which means decryption could take up to a million years to calculate.

    security
    Covert infection

    Earlier computer viruses required users to download malicious files, but simply visiting a malicious website is enough to do damage these days. Ransomware such as WannaCry exploited a Windows security bug and spread itself into un-patched Windows computers connected on the same network. The fact was, many users were not accustomed to installing security patches or activating Windows updates, and this increased the severity and scale of the damage.

    Botnets and bots

    Other types of cyber attacks are occurring in the background with hardly anyone noticing. Some attacks aim to recruit victims’ computers as bots in a botnet for future attacks. These can involve congesting networks, or mining bitcoins.

    virus
    Taking care of Mac and Android devices

    Mac is perceived to be secure, but has been found infected by MacRansom ransomware. Although scale of attack has been limited, it is worth noting its significance. Mobile payment and banking are getting more popular, so criminals are starting to target mobile platforms. The incidence of malicious apps infecting the Android operating system is increasing. These malicious apps not only lock up the screen and encrypt user files – some even reset the screen lock PIN, open specific websites via the browser, steal message contents and contact information, and switch Wi-Fi and mobile data on/off, as well as track a user’s location – all constituting a significant threat. Malicious apps are also able to infect iOS and NAS devices, so users should pay attention to all connected devices.

    macAndAndroid
    Better practices

    Users wishing to protect their devices from cyber attacks should follow best practices, such as:

    1. Backup regularly and keep an offline copy in a safe place, preventing exposure to malicious apps
    2. Install/update OS and software security patches regularly
    3. Install and update antivirus software regularly
    4. Perform full computer scans regularly to detect and prevent malicious app attacks
    5. Disable or restrict a computer system’s unnecessary features and services
    6. Do not open suspicious emails or download attachments from them
    7. Do not visit suspicious websites or download files from such websites

    Do not skip updates for your anti-virus software or operating system, as the time you save could turn out to be far more expensive than you imagined!

    Click here to find out more information on "No More Ransom".

  • Other Internet Safety and Technology Crime information
    Latest Trends of Internet Safety and Technology Crime
    Useful links
    Ransom Email
    Click here to find out more details
    Romance Scam
    Click here to find out more details
    InfoSec Website by Government of Hong Kong
    Click here to find out more details