Hong Kong Money Service Operators Association
  •   

Email Scam

Nowadays, email is one of the most common communication channels for both personal communications and commercial dealings. As such, more and more criminals are using technology to hack into email accounts to defraud victims by various means. Police received reports of 693 email scam cases in 2017, representing 22 per cent decline when compared to last year. The amount of loss went down from approximately $1784 million in last year to $993 million in 2017, representing a decrease of about 44 per cent.

General modus operandi of fraudsters:

  • Hack into the victim's email account
  • Check the victim's business correspondences with business partners and observe their daily communication record
  • Send an email to the victim using the same or similar email account of his business partner
  • Claim that the payment bank account has been changed, and further requesting the victim to deposit the payment for goods into the fraudster's designated bank account

Common cases as follows:

  • Corporate Level - "Change of Supplier Bank Details":
    Fraudsters knew from stolen emails about the transactions of Company A (the seller, the consignor) and Company B (the buyer, the paying company). Later, fraudsters, pretending to be Company A, sent fictitious emails (which are very similar to genuine emails) to Company B, claiming that the email address and payment receiving bank account number have changed, and requesting Company B to credit the amount payable to the designated account. Afterwards, when contacting Company A by phone, Company B found out that it had been deceived by fictitious emails and suffered both financial and reputational losses.
  • Personal Level - "Overseas Relatives/Friends need immediate money remittance":
    After hacking into a personal e-mail account, fraudsters sent out deceptive e-mails to all people on the contact list. The email defrauded that the sender had encountered an accident overseas and to transfer money to accounts designated by the fraudsters as a matter of emergency. Some recipients made the remittance without further verification and only realised that they had been cheated when contacting their relatives or friends.

Our Association encourages licensed money changers who do business with customers by email regularly to pay attention to the following points:

  • Email and password security
  • Safeguard personal data, including personal and commercial email accounts to prevent them from being stolen by culprits;
  • Do not use computers in public places to access personal email box, use instant messaging software and e-banking, or do other operations involving sensitive data;
  • Use proper passwords and change them regularly;
  • Do not open emails of dubious origins; and
  • Use antivirus software to scan for virus before opening attachments
  • Computer system security
    • Use genuine software;
    • Update software with patches provided by software developers;
    • Install and turn on firewall and intrusion detection system;
    • Update virus and spyware definition files;
    • Use antivirus software to scan computers regularly;
    • Do not download software of suspicious origin/nature; and
    • Protect wireless networks

    Our Association appeals to all licensed money changers to take initiative in confirming the identities of recipients by telephone, facsimile or other means before performing remittances so as to prevent scams from happening. In response to suspicious deception cases, please dial Anti-Deception Coordination Centre’s (“ADCC”) “Anti-Scam Helpline 18222” around the clock hotline for consultation.

       

    Please note that above information is for reference only.