Email Scam

Nowadays, email is one of the most common communication channels for both personal communications and commercial dealings. As such, more and more criminals are using technology to hack into email accounts to defraud victims by various means. Police received reports of 569 commercial email scam cases in the first half of 2014, an increase of more than 10 per cent compared with the same period last year. The amount of loss went up from approximately $310 million in the first half of 2013 to $570 million in the same period of 2014, an increase of about 80 per cent. Only around 29 per cent of the victims were Hong Kong companies.

General modus operandi of fraudsters:

  • Hack into the victim's email account
  • Read the victim's business correspondence with business partners and observe their daily communication patterns
  • Send an email to the victim from an email account that is the same as, or similar to, that of the victim's business partner
  • Claim that the payment bank account has been changed, and request that the victim deposit the payment for goods into the fraudster's designated bank account
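The last two steps can be screened for mechanically. The sketch below is an added example, not part of the Association's guidance: it flags sender addresses that imitate a known partner and holds any message that asks for a change of bank details, even when it comes from the genuine address (which may itself have been hacked). The partner addresses, function names and wording pattern are constructed assumptions.

```python
import re

# Constructed sample: genuine addresses of existing business partners.
KNOWN_SENDERS = {"accounts@acme-trading.example", "sales@harbour-goods.example"}

# Wording typical of a "bank details have changed" request (assumed pattern).
CHANGE_RE = re.compile(
    r"\b(chang\w*|new|updat\w*)\b.{0,80}\b(bank|accounts?)\b"
    r"|\b(bank|accounts?)\b.{0,80}\b(chang\w*|new|updat\w*)\b",
    re.I | re.S)

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def fold(addr):
    """Fold characters commonly swapped to imitate an address."""
    return addr.replace("0", "o").replace("1", "l").replace("rn", "m")

def sender_status(sender):
    """Return 'known', 'lookalike' or 'unknown' for a sender address."""
    sender = sender.strip().lower()
    if sender in KNOWN_SENDERS:
        return "known"
    for known in KNOWN_SENDERS:
        # Not identical, but within two edits after folding: an imitation.
        if edit_distance(fold(sender), fold(known)) <= 2:
            return "lookalike"
    return "unknown"

def review(sender, body):
    """Return the handling decision for one incoming message."""
    if sender_status(sender) == "lookalike":
        return "block: address imitates a known partner"
    if CHANGE_RE.search(body):
        # Applies to 'known' senders too: the genuine account may be hacked.
        return "hold: confirm by telephone before paying"
    return "deliver"
```

A "hold" result corresponds to confirming the request by telephone or another channel before any payment is made.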

Common cases are as follows:

  • Corporate Level - "Change of Supplier Bank Details":
    Fraudsters learned from stolen emails about the transactions of Company A (the seller, the consignor) and Company B (the buyer, the paying company). Later, fraudsters, pretending to be Company A, sent fictitious emails (which were very similar to genuine emails) to Company B, claiming that the email address and payment receiving bank account number had changed, and requesting Company B to credit the amount payable to the designated account. Afterwards, when contacting Company A by phone, Company B found out that it had been deceived by fictitious emails and suffered both financial and reputational losses.
  • Personal Level - "Overseas Relatives/Friends need immediate money remittance":
    After hacking into a personal email account, fraudsters sent out deceptive emails to all people on the contact list. The emails falsely claimed that the sender had encountered an accident overseas and asked recipients to transfer money to accounts designated by the fraudsters as a matter of emergency. Some recipients made the remittance without further verification and only realised that they had been cheated when contacting their relatives or friends.

Our Association encourages licensed money changers who regularly do business with customers by email to pay attention to the following points:

  • Email and password security
    • Safeguard personal data, including personal and commercial email accounts, to prevent them from being stolen by culprits;
    • Do not use computers in public places to access personal email accounts, use instant messaging software and e-banking, or do other operations involving sensitive data;
    • Use proper passwords and change them regularly;
    • Do not open emails of dubious origins; and
    • Use antivirus software to scan for viruses before opening attachments
  • Computer system security
    • Use genuine software;
    • Update software with patches provided by software developers;
    • Install and turn on firewall and intrusion detection system;
    • Update virus and spyware definition files;
    • Use antivirus software to scan computers regularly;
    • Do not download software of suspicious origin/nature; and
    • Protect wireless networks

Our Association appeals to all licensed money changers to take the initiative in confirming the identities of recipients by telephone, facsimile or other means before performing remittances so as to prevent scams from happening.

Please note that the above information is for reference only.