Fake Hongkong Post page in Chinese detected

Posted byAnti-phishing Leave a comment on Fake Hongkong Post page in Chinese detected

Threat Intel: This malicious interface was intercepted, verified, and locked down firsthand by the Antiphishing.biz security team during our automated link scanning workflows. To protect the public, the hostile origin link has been safely deactivated within our infrastructure. We document and analyze these live visual patterns to help security researchers and users recognize deceptive clone designs before financial damage occurs.

Actual screenshot of "Fake Hongkong Post page in Chinese detected" phishing interface captured during link moderation on our platform.
Figure 1: Actual screenshot of the live scam infrastructure isolated on our infrastructure.
Actual screenshot 2 of "Fake Hongkong Post page in Chinese detected" phishing interface captured during link moderation on our platform.
Figure 2: Actual screenshot of the live scam infrastructure isolated on our infrastructure.

These two screenshots show a phishing campaign impersonating Hongkong Post (香港郵政). The scam uses a fake delivery notification to trick victims into paying a small fee (HK$30.00) and, in the process, steals personal information and full credit card details.

Threat Analysis: Hongkong Post Phishing – Fake Delivery Fee & Personal/Card Data Harvesting

How it works:

  1. The victim receives an SMS, email, or messaging app alert claiming a package is awaiting delivery and a small fee is required to complete the shipment.
  2. Step 1 – Personal Information Page (First Screenshot)
    The victim is asked to provide:
  • Address, city, phone number, postal code
  • Date of birth
  • Email address
  1. Step 2 – Card Details Page (Second Screenshot)
    The victim is then asked for:
  • Cardholder name
  • Full credit card number
  • Expiration date (MM/YY)
  • CVV / CVC

A fake tracking number and Hongkong Post branding are used to appear legitimate.

The goal:
The attacker collects:

  • Personal information (name, address, DOB, phone, email) for identity theft
  • Full payment card details (number, expiry, CVV) for fraudulent transactions

Red flags to watch for:

  • Suspicious URL: The pages are hosted on a domain that is not hongkongpost.hk or an official government domain.
  • Request for date of birth and card CVV: A legitimate delivery service does not need your date of birth or card security code to collect a fee.
  • Small fee trick: HK$30 is a trivial amount meant to lower suspicion.
  • Fake tracking number: The tracking code cannot be verified on the official Hongkong Post website.
  • No personalization: The message does not reference a genuine package or tracking number the victim would recognize.

What to do if you encounter this:

  • Do not enter any personal or card information.
  • If you are expecting a package, track it directly on the official Hongkong Post website (hongkongpost.hk) using your real tracking number.
  • If you have already submitted card details, contact your bank immediately to block the card and dispute any unauthorized charges.
  • Report the phishing page to Hongkong Post and to the relevant authorities.

Protective measures:

  • Never click links in unsolicited delivery messages. Always go directly to the official courier website.
  • Never pay a “redelivery fee” via a link. Legitimate fees are collected at the point of delivery or through secure official portals.
  • Check the URL carefully: Look for misspellings, extra words, or unusual top‑level domains.
  • Enable two‑factor authentication on your email and banking accounts to reduce the impact of credential theft.

Leave a comment

Your email address will not be published. Required fields are marked *