Online threats have surged in Hong Kong this year, with scams, phishing and malware among the most common attacks, a survey found, as a lack of cybersecurity awareness continues to plague the city.

Forty-nine percent of Hong Kong respondents have experienced online threats over the past 12 months, compared with 4% in the previous period, according to a recent report by antivirus software vendor Norton.

Scams were the most common online threat, affecting 34% of respondents to the survey. Nearly two-thirds of the victims lost money or time as a result. The next most prevalent threats, phishing and malware, each affected 28% of the respondents, according to the US firm, a subsidiary of Nasdaq-listed software company Gen Digital.

Hong Kong police said in July that financial losses resulting from online scams jumped 37% year on year in the first five months of 2024, even though the number of incidents rose less than 1%.

Police in June arrested 10 people after swindlers impersonating mainland security officials cheated a 70-year-old businesswoman out of HK$258mil (RM138.05mil or US$33.2mil) in a phone scam.

In August, local authorities, including the police force and the Hong Kong Monetary Authority (HKMA), asked 32 banks and 10 stored-value-facility operators to expand the scope of their anti-fraud alerts to include suspicious transactions made at bank counters or through the internet.

Alerts on automatic teller machines are set to launch by the end of the year, according to the HKMA.

Online threats, targeting both individuals and organisations, have been on the rise in Hong Kong in recent years. Cybersecurity experts have described the city’s businesses as an “easy target” for attacks because few companies know how to monitor for cyber threats.

Hong Kong police said that in the first three months of the year, botnet incidents – attacks carried out by a network of malware-infected computers – soared 44.5% year on year.

Amid rising concerns, the government aims to forward to lawmakers a bill by the end of the year that seeks to improve cybersecurity around critical infrastructure. Under the proposal, operators of essential infrastructure spanning eight sectors face a HK$5mil fine if they fail to secure their critical computer systems. – South China Morning Post