Everything You Need to Know About Phishing and Online Scams

What Is Phishing and Why Is It So Dangerous?

Phishing is a cyberattack in which criminals impersonate trusted organisations or individuals to trick victims into revealing sensitive information — credentials, financial details, personal data — or taking harmful actions like transferring money or installing malware. The name derives from "fishing" — casting bait and waiting for victims to take it. Phishing is consistently ranked as the most prevalent initial access vector in data breaches worldwide, and Hong Kong is no exception: the Hong Kong Police Force records tens of thousands of phishing-related cybercrime reports annually.

What makes phishing so dangerous is that it attacks the human element of security rather than technical vulnerabilities. A perfectly patched, fully updated system with enterprise-grade endpoint security can be completely compromised by a single employee clicking a convincing phishing link and entering their credentials. Technical controls help — anti-phishing filters, browser warnings, email authentication protocols — but none are 100% effective against well-crafted, targeted phishing attacks. Human awareness and scepticism are the essential last line of defence.

• Most common attack vector: Phishing initiates more successful breaches than any other method globally
• Attacks humans, not systems: Bypasses technical security by exploiting human psychology and trust
• Increasing sophistication: AI-generated content makes phishing emails increasingly convincing and personalised
• HK targeting: Fake bank, Octopus, government, and utility messages are among the most common HK phishing themes