Tag Archives: HKD

Goertzel, Rugby and the Sweet-talking Scam

The South China Morning Post reports (I’ve got the hard copy here; everything there is behind a subscription wall, so no full link I’m afraid) of a clever scam where the bad guys steal just enough stuff — cards + identity — from a victim to be able to social engineer their way into trust, but not enough for the mark to realise there’s anything missing before the sting. This takes some doing.

This is how it works: The fraudsters swipe a wallet or handbag from under chairs and tables at a weekend sporting event in Hong Kong. They remove bank ATM card and a business card of the owner and replace everything else. They then research the individual (presumably online, though they may have access to other information, I guess, from associates on the inside at a bank?).

They then wait a day and then call up the mark, identifying themselves as from the victim’s bank, asking some personal details and then asking if they’ve lost their ATM card. This may be the first time the mark has realised the card is lost. Along with a professional and comforting tone, and any personal details that the fraudster has been able to unearth online, this would further lure the victim into a false sense of security.

It’s then the fraudster would say he will cancel the cards and provide a temporary password once the account holder has typed their PIN into the phone. I like this bit; it would be easier and tempting, as in other scams (like this one in the UK) to try to persuade the victim to just give out their PIN verbally. But asking them to enter it into the keypad of their phone adds to the ‘illusion of formal procedure’ that social engineering relies so heavily on. The fraudster, of course, is easily able to attach a device to their phone to capture the tones of the PIN and decode it. They could even just record the tones and play them back against a set of tones. (Each digit has a different tone, according to something called dual tone multifrequency, or DTMF. Tones can be decoded using the Goertzel algorithm, via software like this.)

Once the PIN is handed over, the account is emptied. In the case cited in the SCMP, some HK$47,000 was removed with 82 minutes of the fraudster obtaining the PIN.

So, the obvious and slightly less obvious go without saying:

  • Never give your PIN to anyone, even a smooth-talking fella calling himself “Peter from HSBC.”
  • Regularly check your purse to see whether all your cards are there. If not, cancel them immediately.
  • Don’t put your name cards, or other revealing personal details, in the same place as your credit cards.
  • Don’t ever accept a call from your bank without taking down the person’s name and number and a telephone number you can verify independently (on statements or online.) Then call the bank back. Banks don’t like to do this, because it might mean you call them up when they don’t want to, but tough.
  • Give your bank hell every time they call you up and start asking you questions like “you have a credit card with us, is that right, sir? Would you like to up the limit on that card?” This is just asking for trouble, since calls like that are one small step away from a social engineering attack “Please just give me the card details and some personal information and we’ll increase that limit rightaway, sir”. If not that, it at least sows the idea in the customer’s mind that their bank phones them, and that somehow that’s OK.
  • Be aware that Google et al can, when combined, a pretty clear picture of who you are, even if you’re not a blogger or other form of online exhibitionist. So don’t be lulled by someone calling who seems to know enough about you to be able to pretend to be someone official. 

Anyone at the Rugby Sevens this weekend, take note.

Hong Kong’s Unseen Icon

Hong Kong is a very practical city — you’ve got to be, with everyone living on top of each other — but sometimes I wonder whether it’s also an overly conservative one. For example, the other day I was very impressed at how one restaurant, which only accepts cash, brings the change in anticipation of what bill you’ll pay with. Put a HK$500 down on the bill wallet, and with a flourish worthy of a magician, the wallet is opened at another page with the change already there. Charming, and practical, saving time, and footleather.

But that’s the only restaurant I’ve seen this at. Maybe there are more, but you would think an innovation like this would quickly catch on elsewhere. So far, it seems, it hasn’t.

Jak0310(41)To me the biggest area that is ripe for some innovation like that is the Hong Kong cart/trolley. It’s ubiquitous, and as long as I’ve been visiting Hong Kong it’s been here. For those of you haven’t seen one, it’s a very simple design: four small wheels, larger than a baby-buggy, but smaller than a child’s bicycle, overlaid with a metal frame and sometimes a wooden board. The handle is a simple iron rod bent at the top. That’s pretty much it.

Now, these things are everywhere. Out to grab a coffee this morning I spotted about 30. They’re so commonplace they’re invisible, which is tricky in a place where pedestrians or cars cover every inch of spare sidewalk or road. Somehow, the folk that use these things manage to navigate their way through the throng without any ankles removed, people upended or worse.

And they are used to carry everything. I started snapping a few, but quickly ran out of space on my cellphone before I could capture the full range:

Jak0310(40)

‘A yellow-booted guy transporting live fish’

Jak0310(37)

‘Dude Unloading Boxes’

Copy 2 of Jak0310(34)

‘Guy Shovelling Sand Into Baskets’

Jak0310

‘Man (Or Woman) Pushing Chair Backs Down Lee Garden Road’

Jak0310(19)

‘Gas Cannisters Locked To A Tree’

Copy 2 of Jak0310(31)

‘Guy Pushing Water Containers With Reading Matter in Hip Pocket’

Jak0310(01)

‘Woman Pushing Pile of Crap Down Lee Garden Road’

and the rather poignant ‘Elderly Woman With Empty Trolley Heading Off to Times Square’:

Jak0310(43)

OK, you get the idea. They’re multifunctional. They’re used by a wide swathe of age-groups and users. They’re also good for parking on Hong Kong’s many inclines:

Jak0310(03)

Indeed, you can park them more or less anywhere, secure in the knowledge that no one looks at them twice:

Copy 2 of Jak0310(32)

Clearly these trolleys are useful. But to me they’re still badly designed. You can see as much from the various customizations that their users have introduced. In the picture above, for example, you can see the classic ‘One Rope Across the Handle Bar’ hack which helps stuff not fall off the back. Variants on these include the ‘Multi Rope Web’ which does a better job, basically by tying as much rope or string across the back of the handle as possible. Those without rope can try the ‘Piece Of Cardboard Across The Handle Kept In Place By Tape Hack’:

Jak0310(30)

All of these look aesthetically awful, but have endured as long as I’ve been coming to Hong Kong, which is 16 years. Then there’s the problem of the handle itself. Not much you can do with it, except try the “Bag Hanging Hack” which is illustrated thus:

Jak0310(21)

Or the street-cleaners (yes they use them too) “Bag Hanging Hack + Bamboo Pole with Warning Red Flag On”:

Copy 2 of Jak0310(35)

But to me all these hacks cry out for a better design. There must be a better way of transporting stuff around in Hong Kong. Of course, there are other methods, from the old delivery bicycle:

Jak0310(18)

(I love the Chinese handwriting and telephone number painted on.) There’s also the smaller two-wheeled trolley concept:

Copy 1 of Jak0310(36)

But the four-wheeled trolley is by far the most popular. To me it’s an icon of Hong Kong and a testament to the grit and attitude of its people that they are still as common as they were a decade or so ago. I imagine that without these trolleys, Hong Kong would grind to a standstill:

Jak0310(39)

Still, I’m no designer, but I would have thought that these trolleys could be better designed, or some of the common hacks one sees on existing models could be built into future models? Or would that ruin the Unseen Icon of Hong Kong?

Moleskine Art, And A Backlash?

Just had a chance to visit the Moleskine Art exhibition in Hong Kong’s Times Square (a rather impoverished version of the original, the huge outdoor screen blaring trash across the concourse being the focal point).

Anyway, a modest exhibition in the basement, in one glass case in the shop. But nicely done by enthusiast Patrick Ng, and a true window on what people can do with their Moleskine notebooks. Here are some terrible photos I took with my cellphone of some of the exhibits (some much better pictures can be found here):

Jak0310(34)

Jak0310(35)

Jak0310(33)

Anyway, I’m probably biased because I interviewed him, but my money is on Mike Rohde, who does some lovely sketches in his:

Copy 1 of Jak0310(31)

Ironically, I left the shop buying some pens and a very, very cheap (HK$9) Chinese notebook. The paper’s cheap, the binding’s poor, there’s no pocket, no bookmark, but it’ll probably do for my sub-par thoughts, for now, given it’s less than 10% of the cost of a Moleskine and Hong Kong ain’t a cheap city to live in:

Jak0310(36)

Is this the start of the Moleskine Backlash?