Cyber Fraud in Hong Kong: Rising Threats, Scams, and Protective Measures

The number of cases of technology-based crimes has increased dramatically in Hong Kong as the COVID-19 has forced employees to work from home, which often leaves their employers more vulnerable to being attacked by fraudsters. This article provides a glimpse into the latest online scams involving Hong Kong, the warning signs or red flags of online fraud to be on the lookout for, and the steps a victim of fraud can take to protect his assets against fraudsters.

If you believe you are a victim of cyber fraud, jump ahead below and take immediate action before it is too late.

Hong Kong is one of the freest economies in the world. Incorporating a new company can be done quickly (often within a day), easily, and at low a cost. Although the ease to set up new companies is meant to foster economic development and entrepreneurial initiatives, it also provides the perfect framework for fraudsters for creating disposable companies for carrying out fraud and money laundering activities.

In recent years, online fraud schemes have become more and more sophisticated. Gone are the days when these fraudulent schemes were perpetrated by unsophisticated individuals operating out of third-world countries. Nowadays, these crimes are carried out by criminal syndicates that employ a wide array of professionals (e.g., lawyers, accountants, financial experts, linguists, computer specialists) who target specific organisations or individuals using uniquely tailor-made approaches.

1. Romance and Online Dating Scams

Fraudsters exploit dating apps, websites, and social media to establish relationships with victims and manipulate them into sending money. Romance scams are among the most common ways criminals deceive victims into parting with their savings.

Pig-Butchering Scam (殺豬盤)

This scam, originating from China, refers to victims as "pigs" who are "fattened up" before being financially drained. Scammers pose as romantic partners, gain trust, and then convince victims to invest in fake opportunities, leading to significant financial losses.

Traditional Online Dating Scam

Fraudsters often impersonate military officers, international businesspeople, or professionals such as pilots, engineers, or doctors. They establish trust before inventing urgent reasons to request money, typically for:

• custom fees to retrieve something
• Customs fees for retrieving a package
• Travel expenses or plane tickets 
• Medical or surgery costs 
• Gambling debts 
• Visa or legal fees 
• Business losses 
• Handling fees for an inheritance

Despite promises of repayment, victims are left with nothing. Many remain in denial even when presented with evidence of the scam.

Read our detailed article on Romance and Online Dating Scams.

2. Business Email Compromise (BEC)

BEC scams involve fraudsters either hacking into business email accounts or creating near-identical email addresses to impersonate company executives. They trick employees into transferring funds, relying on minor differences in email addresses (e.g., kpmg.com vs. kpng.com) and a lack of cybersecurity awareness.

Read our article on Business Email Compromise Scams.

3. CEO Scam

A CEO Scam is where the fraudsters use various means to impersonate the Chief Executive Officer (or high-level executive) of the company in an attempt to trick an employee in the accounting department into executing an unauthorised bank transfer. The employee targeted by this type of scam is often asked to keep the transaction secret by the fake CEO for a multitude of reasons. This type of scam is often perpetrated in conjunction with the business email compromise type of attacks.

4. Online Shopping Scams

Fraudsters operate elaborate online shops where they falsely advertise sought-after products with competitive prices, but they invariably keep the upfront payment and send nothing in return. In the wake of the COVID-19 pandemic, we have seen many clients being scammed whilst attempting to purchase medical supplies in China from websites purporting to have the medical supplies that were in shortage worldwide. In most instances, victims receive nothing from the fraudsters or get something of zero value (one victim received containers full of medical waste).

5. Business Loan Scams

As companies struggle financially, scammers pose as legitimate financial institutions, offering low-cost loans in exchange for upfront fees. These fees—disguised as administrative costs or transmission charges—are collected before fraudsters vanish. If a loan offer seems too good to be true, it likely is.

Read our article on Business Loan Scams.

6. Investment Scams

Scammers pose as brokers or portfolio managers, contacting victims through messaging apps and social media. They lure victims with promises of low-risk, high-return investments and often use fake graphs to create an illusion of profitability. Victims deposit funds into overseas accounts, which are quickly siphoned away.

6.1 Fake Broker Scam (MT4 & MT5 Scam)

Fraudsters set up fake brokerage websites and use trading platforms like MetaTrader 4 (MT4) and MetaTrader 5 (MT5) to simulate profits. This tricks victims into investing more money before the fraudsters disappear. Most of these scams operate out of China and lack accreditation from financial regulators.

6.2 "Pump and Dump" Scam

Scammers infiltrate online forums, dating apps, and social media, convincing victims to buy low-volume stocks based on alleged insider information. Once the stock price rises due to increased demand, scammers sell their shares, causing the price to plummet and leaving victims with worthless investments.

Read our article on Investment Scams.

7. Cryptocurrency Scams

Cryptocurrency scams have proliferated, with fraudsters exploiting the lack of regulation and anonymity associated with digital currencies. These scams operate much like a mythical Hydra—shut down one, and more emerge.

For a deeper dive into Crypto Scams, read our article.

Understanding these scams is the first step to protecting yourself. Always verify the legitimacy of online interactions, business dealings, and investment opportunities. If something seems too good to be true, it probably is.

First Step: Gather Relevant Documents

Immediately collect all relevant documents, such as emails, banking records, invoices, and screenshots, related to the fraudulent transaction. These materials will help authorities understand your case and take action quickly. However, be selective—submitting too many documents at once may cause delays in processing your case.

Second Step: Report the Crime to the Hong Kong Police Force

This is a crucial step in protecting assets misappropriated by fraudsters.

If You Are in Hong Kong:

• Bring all relevant documents and visit any Hong Kong Police Force report room to file a complaint.
• The reporting officer will assess your case to determine whether a crime has been committed.
• If your case is deemed valid, an inspector will take your formal statement and may freeze the fraudster’s bank account if it is based in Hong Kong.
• Ask the inspector whether they intend to freeze the account—this is critical information if you seek legal advice later.

If You Are Outside Hong Kong: You have two options:

Option 1: File an Online Report

• Submit a report via the Hong Kong Police Force website, providing contact details, a case summary, and supporting documents.
• A police officer will follow up via email, asking additional questions and possibly requesting a formal statement in person or through a Hong Kong solicitor.

Option 2: Instruct a Solicitor

• A solicitor can report the scam on your behalf, ensuring that the police receive all necessary information promptly and improving the chances of freezing the fraudster’s accounts.
• Though hiring a solicitor incurs additional costs, it can be a strategic advantage.

Third Step: Alert Your Bank

Notify your bank immediately and request a recall of the fraudulent transaction. The window for recovery is small, so prompt action is essential.

Fourth Step: Consult a Hong Kong-Based Law Firm

Consider engaging a solicitor to explore legal options for asset protection and recovery. Common legal remedies include:

Early-Stage Actions:

• Freezing Order (Mareva Injunction): Prevents the defendant from disposing of assets.
• Disclosure Order (Norwich Pharmacal Order): Obtains information from third parties (e.g., banks, internet hosts) to support legal action.
• Bankers’ Books Evidence Order: Grants access to specific bank records despite banking secrecy laws.

To manage legal costs, some victims opt to wait for the police to confirm whether substantial funds (typically over HK$100,000) remain in the fraudster’s account before proceeding with legal action.

Later-Stage Considerations:

• Legal Costs: Costs vary depending on whether the fraudster contests the proceedings.
• Security for Costs: If you or your company are based outside Hong Kong, you may need to pay security for costs before proceeding with a lawsuit.
• Timeline: If uncontested, cases typically take 6-9 months for judgment, with another month for bank processing. Complex cases may take 1-2 years.

Fifth Step: Protect your Personal Identity and Information

In the event that you are a victim of identity theft or made available identification documents to the fraudsters, the HKSAR Government recommends that you take the following measures:

• Seek assistance from the Hong Kong Computer Emergency Response Team Coordination Center (HKCERT). (Link)

• Complain to the Privacy Commissioner for Personal Data (PCPD) if personal information is involved. (Link)

• Report to banks, credit card issuers, or related online service providers immediately if an account is suspected to have been compromised.

If you have additional questions which are not addressed here or wish to schedule an appointment to discuss your case, please contact us by telephone on +852 2176 4777, by WhatsApp (+852 9547 5353) or by email at enquiries@comtois.hk.