Former Security Chief & Now Major Hong Kong Lawmaker, Regina Ip, Loses $65,000 in Email Hack
Regina Ip Lau Suk-yee recently fell victim to an email account hacking, in which the hackers used fairly old and simplistic phishing methods to gain access to her account.
Regina Ip is a former security chief and now sits on the Executive Council along with the Legislative Council in Hong Kong. After being hacked, she was informed by an attentive bank employee that hackers tried to move HK$500,000 (US$65,000) from her Swiss bank account to one in Singapore.
According to one source speaking to the South China Morning Post, alerts were made to everyone involved immediately.
We are alerting our counterparts in Singapore through our Liaison Bureau that the account there may be involved in money laundering or other illegal activities.
Regina Ip was able to stop the money movement quickly, getting her funds safely back into her account.
They made a lot of calls [to me]. The amount involved is not big. They thought there was an urgent need and the money was wired out,
Regina Ip said that pure carelessness was the main reason for her hacking. In a public statement, she noted that no private documents were stolen as they were never sent through email. Along with that, she said her busy schedule was one of the reasons for the oversight.
How Was Regina Ip Hacked?
It may seem quite trivial, but it obviously seems to work. Regina Ip was hacked because she downloaded an attachment in an email – one of the oldest tricks in the book.
The email read: “Regina, I need help. Urgent. Please open the attachment.” The email’s sender was an MTR Corporation chairman named Dr. Raymond Chien Kuo-fung, so there was reasonable suspicion that something was seriously a problem.
I thought a friend needed help so I opened the attachment at once. I guess that’s when I fell into the trap.
Once she downloaded the attachment, Raymond Chien sent out an email a few hours following warning everyone that his email had been compromised. Due to Regina Ip’s busy schedule, she did not see the email. She forgot to change her passwords at the time, thus succumbing to the theft.
“I believe they found … an instruction I once made to the bank to transfer a sum in US dollars to an account in the United States,” Ip said. “They then forged a letter to instruct the bank to transfer US$65,000 out.”
It’s always unfortunate to see someone fall victim to a malicious hack. It’s very grand that Regina Ip was able to get the total of her stolen funds back, but it shows that even the simplest of tricks still work on some people.
Featured image from Shutterstock.