The emails were sent by an anonymous party trying to extort some Hong Kong companies out of US$20,000 in bitcoin. If the recipients did not pay, the message threatened, their office would be bombed.
The threats arrived in the early hours of Friday in New Zealand, Canada and the United States. In New York, officers were reportedly inspecting at least 40 possible bomb locations, but in vain, leading them to suspect it was a hoax.
In Hong Kong, Michael Gazeley, CEO of cybersecurity firm Network Box, said the email landed in his corporate email inbox at 1.51am on Friday. He said he was shocked.
“This looks like the third wave of blackmail emails plaguing the world in the past few years,” he said. “I have never seen something like this, which sounds like cyberterrorism, in my 20-year career in cybersecurity.”
He added that the previous waves of emails involved scammers blackmailing people after hacking into their emails and credentials on social media like LinkedIn. Then last year there were fraudsters who hacked into adult webcam accounts to blackmail victims wishing to avoid having their use of pornography revealed.
Gazeley said he did not report the threat to police, because it did not seem credible.
“Compare the layout, the language and poor grammar of the email with the previous waves of emails. I am 99.999 per cent sure it is not real,” he said. “The bomb email didn’t even specify where my office is. But the threat to blow up my office is quite a new development in scams.”
Charles Mok, who represents the IT sector in the Legislative Council, said he was not surprised to see the new form of online scam. But he was not impressed by the threats’ quality.
“Scammers need to be smarter,” he said. “They can’t just say in a spam email, ‘You need to pay me or I blow up your office’. Would you pay after reading the email?”
Hong Kong has been ranked in the top five global jurisdictions most vulnerable to cyberattacks. Businesses suffered 9,122 cyberattacks in the first 10 months of this year, a 55 per cent jump on the same period last year, according to information security watchdog the Hong Kong Computer Emergency Response Team.
The money lost to scams this year by Hong Kong residents and companies, about HK$2.26 billion by September, was a 565 per cent increase from 2012, according to police data.