Phishing Alert - Beware of Phishing Websites Impersonating the Anti-Deception Coordination Centre (ADCC) and Multiple Well-Known Brands

Release Date: 22 May 2026

Type: Phishing

Phishing Alert

Current Status and Related Trends

mickmick.net reminds the public that fraudsters have recently been using fake government institution and well-known brand websites to carry out various phishing attacks. These include fake websites impersonating the “Anti-Deception Coordination Centre (ADCC)”, as well as phishing pages posing as logistics services, financial institutions, retail platforms, and online services.

 

Scammers have set up fake ADCC websites claiming to offer services such as assistance in recovering scam losses, free verification, and free consultation with professional legal teams. These sites also use fabricated success stories, case sharing, and FAQ content, claiming that “even if more than a month has passed since the scam, there is still a high chance of recovering the funds”, in order to increase credibility and lure victims into contacting them. In reality, such websites are a form of secondary scam targeting existing victims.

 

In addition, mickmick.net has found that fraudsters have created multiple phishing websites impersonating local organisations, logistics services, financial institutions, travel platforms, and entertainment services, in order to trick users into entering personal information, account credentials, or payment details for further fraud or account theft.

 

 

Fake “Anti-Deception Coordination Centre (ADCC)” Websites

 

 

• It uses phrases such as “free consultation” or “free investigation” to lure victims into making contact.

 

• After users click “Get Immediate Online Help and Checking”, they are redirected to a fake WhatsApp webpage, where a one-on-one conversation is initiated to further obtain sensitive personal information or demand payment.

 

• It even fabricates successful recovery cases and displays claims such as “successfully recovered,” “safe and secure,” and “full recovery,” while showcasing fake professional legal teams to enhance credibility.

 

• The FAQ section of these websites may claim that “even if more than one month has passed since being scammed, there is still a high chance of recovery,” further luring victims.

• The public should note that the official website of the ADCC is: adcc.gov.hk, and the official hotline is only “Anti-Scam Helpline 18222.”

 

 

Other Phishing Websites Observed by mickmick.net

Apart from fake ADCC websites, mickmick.net has also observed multiple phishing websites impersonating local institutions, logistics services, financial institutions, travel platforms, and entertainment services under different themes:

• A fake Cainiao Hong Kong logistics website claiming that parcel delivery failed and asking users to reconfirm their address and pay a fee, thereby stealing personal information and credit card details.

 

• Fake verification pages for insurance company Prudential, financial services company Manulife, and a fake Disney+ login page, prompting users to enter login credentials or personal information.

 

• A fake Wellcome online store page displaying promotional offers such as 12% off or 15% off, tricking users to make payments and submit credit card details.

 

• Fake Klook travel platform page, fake Cathay Pacific mileage redemption page, and fake e-MPF platform page.

 

 

 

Characteristics of Suspicious Websites 

Based on the above cases, these phishing websites share the following common features:

1. Generally imitate the design and operating flow of official websites to mislead users into believing they are legitimate platforms.
2. Use domain names that resemble well-known brands but are not identical.
3. Use of domain names that are similar to, but different from, those of legitimate websites, including the use of less common top-level domains such as .lol, .cyou, and .top
4. Some of the suspicious domains are newly registered. 
5. Imitate the design and interaction flow of official websites.
6. Use themes such as “abnormal order,” “security verification,” “points redemption,” or “special offers” as bait to increase the likelihood of users clicking and taking action.

mickmick.net has found that fraudsters are using phishing websites under different themes to launch large-scale distributed attacks, combining tactics such as official impersonation, brand imitation, and social engineering to improve their success rate.

 

In particular, for people who have already been scammed, fraudsters use fake ADCC websites and so-called professional teams, together with claims of being able to recover scammed funds, to carry out secondary scams and further steal money and sensitive data.

 

The public should remain vigilant and must not trust any website or contact method claiming it can quickly or highly likely recover scam losses. If in doubt, always verify information through official channels to protect personal and financial security.

 

 

Security Advice for the Public

mickmick.net reminds members of the public to: 

• Carefully verify the full URL. Official government websites generally use the “.gov.hk” domain. The URLs of phishing websites are often very similar to those of official websites, but may differ slightly in spelling, word order or top-level domain. Users should carefully verify that the URL is correct before entering any information. 
• Do not handle scam cases through instant messaging platforms. Official agencies generally do not instruct users via WhatsApp to recover money or transfer funds.
• Stay cautious of services claiming they can help recover money. Such services may be secondary scams.
• Avoid clicking on unknown or unverified links. Whether a link comes from email, text message, social media, instant messaging platforms or search engine adverts, users should not click on it unless its authenticity has been confirmed. 
• Do not enter personal or payment information on suspicious websites. If the source of a website is unclear, or if the domain name does not match the official website, users should not enter their name, telephone number, email address, credit card information, verification code or other sensitive information. 
• It is advisable to type the official website address directly into the browser. Avoid entering websites through search engine ads or unknown links.

 

If Information Has Been Submitted, the Following Actions Should Be Taken Immediately 

If members of the public suspect that they have entered personal information or credit card information on a suspicious website, they should take the following steps as soon as possible: 

 

• Stop all contact with the other party immediately;
• Do not provide any further personal or financial information;
• Immediately contact the relevant bank or credit card issuer to report the incident and request appropriate protective measures; 
• Closely monitor bank account and credit card transaction records to check whether any unauthorised transactions have occurred; 
• Call the Hong Kong Police Force Anti-Deception Coordination Centre hotline “Anti-Scam Helpline 18222” for assistance; 
• Retain relevant records, including website screenshots, text messages, emails, payment notifications and transaction records, for future follow-up or reporting purposes.