@eLaw.com.hk 葉謝鄧律師行

Goods commonly adopting spamming include pornography, medical products particularly Viagra, debt elimination and loans offering. Sometime.spam is also used for a vehile for crimes e.g. scams such as stock pump-and-dump schemes, pyramid schemes and the Nigerian money transfer fraud.

Spamming is the act of sending unsolicited electronic messages in bulk, whether for commercial or non-commercial purpose. Sending unsolicited messages does not confine to emails. It happens with postal junk mails and junk fax. Pure spamming is not an offence in Hong Kong. The Office for Telecommunications Authority released a consultation paper to the public on 25th June 2004 with the wish to making spamming an offence.

Spam by emails is the most often seen form of spamming on the Internet. Emails are delivered with contents or messages for commercial advertising. Because of the little cost on sending email emails in massive scale, Non-commercial junk emails are also found.

It must be noted that sending unsolicited emails is not the only medium of spamming. Other media includes: instant messaging (such as ICQ or Yahoo Messaging), Usenet newsgroups and forum (message borads. Responsible service providers on Internet service has a set of rules or know-how to monitor and regulate the use of the Internet as a spamming tool. The examples are Yahoo!, ICQ a hotmail.

The American organization, the Electronic Frontier Foundation (www.eff.org) is a strong advocate of online privacy. It suggests the following twelve measures for Internet users to protect their privacy.

1 Do not reveal your personal information inadvertently

2 Turn on cookie notices in your Web browser, and/or use cookie management software or infomediaries.

3 Keep a "clean" e-mail address.

4 Don't reveal personal details to strangers or just-met "friends".

5 Realize you may be monitored at work, avoid sending highly personal e-mail to mailing lists, and keep sensitive files on your home computer.

6 Beware of sites that offer some sort of reward or prize in exchange for your contact or other information.

7 Do not reply to spammers, for any reason.

8 Be conscious of Web security.

9 Be conscious of home computer security.

10 Examine privacy policies and seals.

11 Remember that YOU decide what information about yourself to reveal, when, why, and to whom.

12 Use encryption!

Informal responses to spamming such as social pressure and industry self-regulation (through cooperation between the Privacy Commissioner, PCCW-HKT and the Hong Kong ISP Association) have been almost entirely ineffectual in battling spam. Technical responses have fared somewhat better, but often at a high cost. Efforts to filter or block spam, for example, frequently prevent legitimate messages from getting through. Other technical responses have done little to stem the tide of spam, and in some instances have led to expensive legal disputes.

Litigation is also not an effective means for solving the problem. Although a number of countries (such as Australia) have enacted specific laws in an attempt to regulate spam, Hong Kong does not have any specific anti-spam legislation. (Some amendments to the Telecommunications Ordinance in 2000 tried to address the issue by introducing the concept of a 'class licence' into the licensing scheme of telecommunications services.) Therefore, Hong Kong's most detailed guidelines on spam prevention are found in a Code of Practice issued by the Hong Kong ISP Association (HKISPA) in 2000. The HKISPA asks its ISP members, to include terms in their Internet access agreement that require the subscriber to not engage in sending spam messages. It also imposes sanctions on those subscribers that act in breach of this condition. Such sanctions include suspension and/or closure of the subscriber's account. However, it must be noted that this Code of Practice is not a law.

The PCO has also issued a statement on anti-spam initiatives. The PCO is also working with ISPs in Hong Kong to tackle spamming. ISPs which conform to their industry Code of Practice will be authorised to use a special identification logo that promotes them as supporters of anti-spamming. The details of the HKISPA code of practice, and some useful tips for minimizing the nuisance of receiving spam can be found at the following link: www.ofta.gov.hk/junk-email/main.html

The Privacy Commissioner has published a guideline document, "Personal Data Privacy and the Internet - A Guide for Data Users" to assist organizations comply with some of the more common applicable requirements of the Ordinance when they are collecting, displaying or transmitting personal data over the Internet. The guide has a section on "Direct marketing activities on the Internet" which emphasizes that organizations need to:

1 state that they are collecting information for the purposed of direct marketing, at the time of collection;

2 provide an opt-out choice to the individual;

3 maintain an opt-out list; and

4 set a policy on unsolicited advertising e-mails (spamming).

Businesses in Hong Kong who want to make use of direct marketing for the sale or promotion of their goods or services must comply with S.34 of the Ordinance.

As we can see, disclosure of personal information online may unwittingly expose individuals to a host of on- and offline dangers. However, we also cannot escape the fact that we need to give information to access online services and that information is stored about us on a daily basis across a range of electronic databases. Most of the services that require us to give personal information should have security measures in place to protect this information (and in a moment we will look at examples of corporate privacy and security statements). We should also be aware of our rights to data privacy and later in the unit we will explore how we can access and enact these rights.

The most fundamental guideline for protecting your own personal data is to only disclose personal information whenever it is absolutely required and where organizations or corporations offer clear guidelines to protect data privacy.

You should be extremely careful not to disclose personal information online in situations where there are no privacy protection guidelines (for example, posting personal information in a chat room or newsgroup). Avoid disclosing your own or others’ personal information such as email addresses, home addresses, job and company details in a public forum. Disclosing this kind of information in a public forum such as a chat room can lead to many of the above abuses of privacy as well as other problems such as solicitation for fraudulent investments, electronic harassment or stalking, and attempts to establish undesired relationships or contacts. Also, take care not to pass on others’ email addresses or details without their permission. Simply forwarding an email with others’ email addresses on it can compromise the data privacy of others and result in privacy intrusions such as unwanted messages or spam.

Regrettably, many Internet users are not sufficiently aware of the dangers associated with disclosing sensitive personal information in the online environment. To assist surfers protect their own privacy, Hong Kong's Privacy Commission Office has published a booklet entitled "Internet Surfing with Privacy in Mind - A Guide for Individual Net Users". This booklet is available from the PCO's website at www.pco.org.hk/english/publications/guide_privacy_mind_1.html

Scammers forged bank's identity and sent emails in massive scale (i.e. spamming). This is called 'branded fake'. Quite often, the e-mail addresses were randomly generated and it then by chance ‘hit’ the bank's customer. UK customers of MBNA had that experience in February 2004 which was widely reported in the news.

The faked emails came with a variety of subject lines such as "MBNA's OfficiaI Notice," "Attention all MBNA users" and "0fficial Notice for all users of MBNA." The message falsely claimed that the “bank” is putting in a new security system to "help you avoid frequently fraud transactions and to keep your investments in safety".

Customer logging in the fake page will have their personal bank information or identity stolen and relayed directly to the crooks who adopted spamming as a cheating tool.

Very often, the link on the email will lead the customer to a site bearing a ‘look and feel’ (colour, lay-out and even fonts) highly similar to the true site but in any event, the site will have a professional look in order not to arouse the customer's suspicion.

To avoid such kind of fraud, customers are advised to note the following:

1. Ensure that the emails truly come from the bank.

2. Don’t click on any links provided in the emails without thoughts

3. Before deciding to take any actions including clicking on the link, visit the true site first

4. If customer has doubts or is not sure, telephone the bank's customer hotline and enquire. Make sure that the telephone number is the number of the true bank.

5. Compare the domain name of the site if you have accidentally clicked on the link with the true site.

6. Report to the bank if you suspect there is a fraud or attempted fraud or you have been cheated.

7. Informing the bank IMMEDIATELY on being cheated is VERY IMPORTANT. This will enable the bank to take immediate step to ban the crook on dealing with your bank account.

In the past few years, many banks in UK and US as well as in Hong Kong had been bit by phishing scams. In Hong Kong, fraudsters were found to attempt to cheat banks’ customers by releasing fake web-site using domain names highly similar to the true banks. To give a few examples, they are: HSBC, DBS and Bank of East Asia.

In December 2003, NatWest of UK temporarily suspended its internet banking facility after some of its customers were sent fraudulent e-mails asking them to divulge their account details.

In October 2003, Nationwide and NatWest in UK were targeted by a similar hoax as was the Halifax, while in September fraudsters tried to trick customers of Lloyds TSB and Barclays.

On 7 December 2001 in UK, a five-strong Net fraud gang has been sentenced to a total of just under eight and half years for a conspiring to defraud online banks.

The four men and one woman made bogus multiple credit card applications with Egg, Cahoot, Smile, Marbles, MBNA, and SonyCard.

The gang, hailing from Buckinghamshire and Northamptonshire, were arrested by officers from the National Crime Squad in August 2000 after a six month operation.

Reported by Thomas Tse 15 February 2000

Internet Service Providers (ISPs) in Hong Kong will observe an industry Code of Practice to tackle spamming on the Internet, which involves bulk unsolicited e-mail messages or articles sent via electronic mail without the recipients' prior request or consent. This Code of Practice sets out that sanctions such as suspension of services should be imposed on spammers and that preventive measures should be taken by ISPs to reduce the possibility of spamming.
ISPs which conform to the industry Code of Practice will be authorised to use a special identification logo under the branding scheme to be launched by the Hong Kong Internet Service Providers Association (HKISPA).

The above initiatives were announced today in a press conference jointly conducted by the Office of the Telecommunications Authority (OFTA), the HKISPA and the Office of the Privacy Commissioner for Personal Data (PCO).

OFTA has published, in consultation with the two bodies, a promotional leaflet titled FAQs on Spam, which contains useful tips for Internet users to minimise the nuisance of receiving spam. The leaflets are now available from all District Offices and major Post Offices. The FAQs and Code of Practice can also be accessed from OFTA's homepage at http://www.ofta.gov.hk.

"We are pleased to bring together the HKISPA and PCO in a joint effort to tackle the problem of spamming through administrative measures. Industry self-regulation and consumer education are measures which have won support from the industry," said a spokesperson from OFTA.