Hong Kong has seen a spurt in fraud cases involving fake business emails, police said on Sunday, urging corporations to be more vigilant with regard to computer systems firewalls and internal communications.
According to data unveiled by the Commercial Crime Bureau’s Anti-Deception Coordination Centre (ADCC), corporate-level email scams were up 30 percent in number in the first half of 2018 compared to the same period last year, the Hong Kong Economic Journal reports.
Monetary losses involved those cases totaled HK$759 million, up 72 percent from the period last year, said ADCC, which was set up in July last year with an aim of consolidating all the efforts of the police in fighting and prevention of deception, and raising public awareness on different types of scams.
Superintendent Chan Tin-chu of the Commercial Crime Bureau pointed out that many of the business email scams began with the email accounts used by companies’ top-level officers, such as chief executive.
The email accounts were hacked by scammers, who, after learning the executives’ email writing styles, made their moves and sent fake outward remittance instructions to their subordinates.
Often, the emails to the subordinates would say that the messages were being written while the senior executives were on an airplane, and that the fund transfer should be carried out immediately in view of a business emergency.
Senior staff such as heads of the finance department usually ended up following the instructions and therefore fell prey to the scammers since they had difficulty contacting the senior executives at such times to get confirmations.
The orders would be carried out as the subordinates would fear they might be held responsible for any business setback if they did not do as instructed, Chan said.
In one case citied by Chan, a Spanish company producing mechanical parts was duped and remitted 11 million euros, or almost HK$100 million, to a corporate bank account in Hong Kong after receiving an email allegedly from its chief executive, only to learn later that it was a scam.
Investigations by the ADCC found that money was transferred multiple times after it entered Hong Kong but the police still managed to intercept and freeze about HK$60 million.
In another case, a Hong Kong branch company of a Swiss company fell into a similar trap and remitted US$2 million (around HK$15.6 million) to a bank account in mainland China, but luckily the incident was reported to the police, who stopped the money transfer in time and saved the company from losing the amount.
To help companies avoid falling victim to business email scams, Chan urged enterprises to pay relentless attention to cyber security, including updating their corporate firewalls regularly.
In addition, Chan called on company staff including senior corporate officers not to open internet links from uncertain sources. Also, there should be clear-cut internal policies and procedures in relation to handling of finance matters when senior management officers are away on vacation or on business.
In other news, data from the ADCC showed the number of investment-related scams reached 90 in the first half of the year, a 70 percent jump from a year earlier.
The total losses involved in those cases was up 26-fold to HK$536 million, most of which was connected to scams involving trading gold on the London markets.
As for phone scams, the number fell in the first-half 2018 compared to the same period last year, but the ADCC warned that there has been a sign of resurgence in the cases recently.
Anthony Tsang Ching-fo, chief superintendent of the bureau, revealed that he is seeking to expand the size of the ADCC to 25 people in the next fiscal year that begins in April 2019, from 16 at the moment.
– Contact us at [email protected]