Cyber Fraud and Recovery in Hong Kong
The number of cases of technology-based crimes has increased dramatically in Hong Kong as Covid-19 forces employees to work from home which often leaves their employers more vulnerable to being attacked by fraudsters. This article provides a glimpse into the latest online scams involving Hong Kong, the warning signs of online fraud to be on the lookout for, and the steps a victim of fraud can take to protect his assets against fraudsters.
If you believe you are a victim of cyber fraud, jump ahead below and take immediate action before it is too late.
Why Hong Kong?
Hong Kong is one of the freest economies in the world where incorporating a new company can be done quickly (often within a day), easily, and at low costs. Although the ease to set up new companies meant to foster economic development and entrepreneurial initiatives also provide the perfect framework for fraudsters for creating disposable companies for carrying out fraud and money laundering activities.
Common Types of Online Fraud
In recent years online fraud schemes have become more and more sophisticated. Gone are the days where these fraudulent schemes were perpetrated by unsophisticated individuals operating out of third world countries. Nowadays, these crimes are carried out by criminal syndicates that employ a wide array of professionals (e.g. lawyers, accountants, financial experts, linguists, computer specialists) who target specific organizations or individuals using uniquely tailor-made approaches.
1. Online Romance Scam
Fraudsters use online dating apps, dating websites, or social networking sites to connect with their victims and attempt to establish a relationship with them. They often pretend to be overseas military officers, international businessmen, or professionals (e.g. pilots, engineers, or doctors).
Initially, the fraudsters will do their best to establish trust with their victims before inventing reasons to ask victims to urgently send money to designated bank accounts located overseas to solve their problem.
Fraudsters will usually ask their victim to wire transfer them the money to pay:
- customs fees to retrieve something
- for a plane ticket or other unforeseen travel expenses
- for surgery or other medical expenses
- gambling debts
- the fee for a visa or other official travel documents
- business losses
- the handling fees for a large sum of money to inherit
Unfortunately, these fraudsters are often so successful that it takes an inordinate amount of time for the victims to realize that they have been defrauded. It is not uncommon to meet clients that despite strong evidence and have never met (or even seen the person on video) prefer to believe that their online romantic partner is a real person.
2. Business Email Compromise
Business Email Compromise (also known as "BEC") is a type online scam where a fraudster either illegally gains access to a business email account or creates an email account using a domain name that is almost identical to the business targeted and uses said account to impersonate an employee of the company owner’s identity and get unsuspecting employees to unknowingly help the fraudster to defraud their own company.
This type of fraud rely on cyber security deficiencies of the target company or the recipient not paying close attention to the email address of the sender. Often, only one letter in the domain name of the fraudster is different from the domain name used by real company (kpmg.com vs kpng.com). Otherwise, in many cases, the email sent by the fraudsters are virtually indistinguishable from an original one.
3. CEO Scam
A CEO Scam is where the fraudsters use various means to impersonate the Chief Executive Officer (or high-level executive) of the company in an attempt to trick an employee in the accounting department into executing an unauthorized bank transfer. The employee targeted by this type of scam is often asked to keep the transaction secret by the fake CEO for a multitude of reasons. This type of scam is often perpetrated in conjunction with the business email compromise type of attacks.
4. Online Shopping Scam
Fraudsters operate elaborate online shops where they falsely advertise sought-after products with competitive prices but they invariably keep the upfront payment and send nothing in return. In the wake of the COVID-19 pandemic, we have seen many clients being scammed whilst attempting to purchase medical supplies in China from websites purporting to have the medical supplies that were in shortage worldwide. In most instances, victims receive nothing from the fraudsters. In one instance, one victim received containers full of medical waste.
5. Business Loan Scam
Business loan scams have become more prevalent in 2020 as companies around the world are experiencing financial troubles and have had difficulties finding local financial institutions willing to provide loans for their businesses. In their desperation, these companies have turned to the internet in the hope to find financial institutions willing to lend them money and fraudsters have seized on this opportunity to scam them.
These fraudsters operate through elaborate websites masquerading as legitimate financial organizations who often promise low-cost interest-free loans in exchange for an upfront fee. That upfront fee is often disguised as a transaction fee (e.g. bank transmission, administrative and collateral facility fee, SWIFT Transmission Charge).
Once the fraudsters receive that “transaction fee”, one of two things will happen. Either the fraudsters will invent a reason for requesting more money, or they will immediately disappear without providing any of the promised funds.
Bottom Line: if the terms of the loan offered are too good to be true, you are likely getting scammed.
6. Investment Scam
Fraudsters often approach their victims through messaging platforms (e.g. WhatsApp, Line, WeChat) and by advertising over social media (Facebook, Instagram), claiming to be a stockbroker, a portfolio manager or working for a fund, and offering low-risk investments in overseas companies with high returns. They tend to have photoshopped graphs showing the incredible returns that they investments have generated.
Fraudsters then ask their victims to deposit a sum of money into the account of an overseas company. Once the funds are deposited, they are immediately syphoned out and transferred to the four corners of the world.
In our experience, these fraudsters tend to operate in Mainland China or overseas and do not have any accreditation with any financial regulators (e.g. Securities and Futures Commission).
Steps to Take
First Step: Gather all the Relevant Documents
You should immediately gather all the relevant documents (e.g. emails, banking records, invoices, screenshots) regarding the fraudulent transaction; anything relevant to help the authorities to understand your case and enable them to take action as soon as possible.
However, you need to be selective, if you provide the police with too many documents early on, you are at risk of inadvertently causing delay in your case being processed.
Second Step: Report the Crime to the Hong Kong Police
This is in many respects, one of the most crucial steps you can take to protect the assets that have been misappropriated by the fraudsters.
If you are physically in Hong Kong
Bring all the relevant documents related to your case and visit any of the report rooms of the Hong Kong Police Force (addresses here) and make a complaint to the reporting police officer on duty at the station. The job of that officer is essentially triage, he needs to have a basic understanding of your case and determine whether or not, in the officer’s view, a crime has been committed.
If the officer believes your case is worth investigating, you will be asked to meet for an inspector and give a formal statement about your case and identify who the suspects are. At that point in time, assuming that the bank account of the fraudster is in Hong Kong, the inspector may, at his discretion, take steps to have the bank account temporarily frozen. It is important to ask the inspector whether he/she intends on freezing the account. This information will be very important when you seek advice with your case from a lawyer.
If you are outside of Hong Kong
You can file an online report with the Hong Kong Police Force directly on its website (link here). You will be asked to provide all your contact details, a summary of your case (including the details of your case) and allowed to upload supporting documents as well. Based on our experience, fraud cases occurring outside of Hong Kong but involving individuals or companies based in Hong Kong are usually treated as money laundering cases by the Hong Kong Police.
Initially, the Hong Kong Police will assign a police officer to your case and that officer will follow up with you by email and may ask you additional questions regarding your case. Later on, the officer will ask you to either come to Hong Kong to give a formal statement or instruct a Hong Kong solicitor to make a formal statement on your behalf.
Third Step: Alert your Bank
You should inform your bank as soon as possible about the fraudulent transaction and demand that your bank attempts to recall the funds. The window of opportunity for such a procedure is very small and it will require you to act very quickly.
Fourth Step: Contact a Hong Kong-based Law Firm
You should consider appointing a solicitor at your earliest opportunity so that you can be advised as to what options (if any) are available to you to protect your assets against the fraudsters. We have listed below the most common options available to help protecting and recovering assets.
- Freezing Order (aka Mareva Injunction): An application can made to court to permanently freeze the assets of the defendant and prohibits him from disposing of the same. Once the relevant bank receives a copy of the freezing order, it will freeze the account until the court discharges the order or a judgment is obtained and enforced against the account.
- Disclosure Order (aka Norwich Pharmacal Order): A Norwich Pharmacal Order is an order for disclosure against an innocent third party (e.g. internet hosting services, bank) to gather information in support for commencing proceedings against the fraudster.
- Bankers’ Books Evidence Order: Banks in Hong Kong have a duty of secrecy in respect of the affairs of its customers. However, the court can order a bank to provide a third party (e.g. a victim of online fraud) with access to specific entries in the records of the bank.
Depending on the circumstances, it is often recommended, as a way to manage legal costs to simply just wait for the Hong Kong Police to freeze the relevant account(s) and inform the victim whether there is or not a material amount of funds in the account (more than HK$100,000.00). Sometimes the exact amount will be shared but it is at the complete discretion of the inspector in charge of the case.
We recommend to wait until it is confirmed (by the police directly or by the bank through the court) that there are sufficient funds left in the account of the fraudster before commencing legal proceedings and attempting to recover the funds.
- Legal Costs Involved: That part is always difficult for a lawyer to assess because there are so many variables involved that will affect the costs. Initially, the biggest unknown variable is whether or not the alleged fraudster (or the company or person that received the funds) will put forward a defence in the proceedings. In this regard, while it is often the case that fraudsters will not waste time defending legal proceedings against their victims, we have seen instances were the stolen funds are used against the victim. It then becomes a war of attrition against the victim who, in many cases, is already costs sensitive.
- Security for Costs: If you are domiciled out of Hong Kong or if your company is incorporated outside of Hong Kong, you maybe be required by Hong Kong courts to pay security for costs. It means that the court will require a foreign plaintiff to pay money into court as a security for the estimated legal costs of that the defendant will incur defending the proceedings. This is designed to prevent a situation where a defendant successfully defend proceedings against the plaintiff but has to commence proceedings overseas to recover its legal costs.
- How much time will it take ?: That is another hard question to answer these days especially with the disruptions caused by COVID-19. As a rule of thumb, if the fraudster does not put forward a defence, and the case is a straightforward one, it will normally take six (6) to nine (9) months to obtain a judgment and probably an additional month to get the bank to process the order. In more complicated cases, it can take between one to two years to get a final judgment.
Fifth Step: Protect your Personal Identity and Information
In the event that you are victim of identity theft or made available identification documents to the fraudsters, the HKSAR Government recommends that you take the following measures:
- Seek assistance from the Hong Kong Computer Emergency Response Team Coordination Center (HKCERT). (Link)
- Complain to the Privacy Commissioner for Personal Data (PCPD) if personal information is involved. (Link)
- Report to banks, credit card issuers or related online service providers immediately if any account is suspected to have been compromised.
If you have additional questions which are not addressed here or wish to schedule an appointment to discuss your case, please contact us by telephone on +852 2176 4777 or by email at [email protected].