- HKC&ED News
- HKC&ED News
- Enforcement News
- FATF
- Industry News
- Industry News
- Telephone Deception
- E-mail Scam
- Trade Descriptions Ordinance
- Download
- Video
- Links
Email is the latest tool to be hijacked by fraudsters
Cybercrime is a growing trend and sophisticated email scams have resulted in some companies suffering financial losses in recent years
■Richard Hudson says supervision and education of staff members are key ways that companies can tackle fraud and protect themselves from financial losses
Email has become a major communication tool in the modern office but smart fraudsters are increasingly using it to cheat people out of money.
Richard Hudson, a partner at law firm Deacons who specialises in litigation and fraud investigation for commercial clients and the Securities and Futures Commission, said email scams and fraud had become a growing trend in recent years, with some companies suffering financial losses as a result.
According to a report by the Centre for Strategic and International Studies last year, cybercrime is growing, with the estimated annual cost to the global economy now standing at more than US$400 billion.
Hudson discussed the latest trends in email scams and how companies can reduce their losses from such activities.
One of your jobs is to help check for scams and frauds at companies. What have been the most commonly seen strategies recently?
Email scams have been the most common type of commercial fraud lately.
There are some fraudsters who create emails that appear to have been sent from the personal email accounts of senior executives in the companies.
The fake senior executives instruct accounting departments to tell staff to transfer funds to overseas accounts secretly. The accounting department staff are told that the funds are for a secret project. Sometimes, the fraudsters even telephone the accounting staff and pretend they are company executives and confirm the transfer orders. Some companies have lost money as a result of these types of scam as funds were transferred to overseas banks accounts.
Banks have also become targets, with some bank staff receiving emails from fraudsters who pretended they were customers of the bank. These fraudsters are very technology savvy and they use sophisticated software to make the bank staff believe they are interacting with customers through emails and telephone calls to convince them to make the transfers.
Even law firms have been targeted by scams. Law firms can receive emails from someone claiming to be owed money by their spouse as part of a divorce settlement. They say they want the law firm to recover the settlement funds for them but in fact it is fake and the fund transfer is money laundering as the money is being “cleared” through the law firm’s accounts.
We also have to be careful and check background information and do reporting on our clients’ funding too.
Can you help customers to recoup money?
These fraudsters are very sophisticated and they operate internationally. Some of these email scams transfer money outside Hong Kong online or electronically, so that is very quick.
If the companies find out about the fraud quickly that can help as we can get the police or the court to freeze the money and recoup the funds. If the money is transferred outside Hong Kong, it can be harder to retrieve the funds.
What can companies do to prevent fraud?
We would advise companies to introduce some simple measures that could stop these types of email scam.
As many of these email scams use personal email accounts from Yahoo or Gmail, a simple way to stop these types of fraud is to ban executives from using personal email accounts for company affairs or fund transfers, and require that they all must use company email.
There should be supervision to make sure fund transfers of large amounts can not be done by a single staff member and instead require approval from a supervisor.
Education is important. For example, companies can tell their staff to check the spelling in emails sent by senior executives to identify potential fake emails. Many of these fake emails use the names of senior executives but have slight differences in the spelling. If staff members are well trained to prevent fraud, it will help reduce losses suffered by the companies they work for.
If you check your staff members’ or customers’ emails, is that a breach of privacy?
It is necessary to check or monitor staff emails to prevent fraud. Companies that have informed members of staff about monitoring as part of IT policies should not have any privacy problems.
Going back 10 or 15 years, it was easier to check on staff email, but now it is more difficult as people may now use smartphones to check personal email or use WhatsApp to communicate.
As such, companies have to identify other patterns or signs that may indicate that fraud or bribery is taking place.
For example, if a department has a high turnover but no profit, checks should be made to identify potential cases of fraud or payments of kickbacks. If a member of staff always uses the same supplier it might be an indication that bribes are being paid.
After you investigate a scam or fraud for your customers, what is the next step?
Reporting to the police would be the most natural step as the police have the power to freeze funds and can help companies to recoup money.
But companies need to be aware that once they report the case to the police, they have no control over what happens next as the police will decide if they want to prosecute or not.
For some civil level fraud, companies can decide to negotiate and settle with members of staff.
The Securities and Futures Commission may also reach a settlement with its licensees and may not always go to the police.
When recruiting people, how can companies make sure fraudsters won’t join the firm?
Background checks are important. Companies can use Google, Facebook or Twitter to carry out checks on the backgrounds of job applicants to make sure they have the experience and qualifications they claim. Companies can also make telephone calls to referees who have worked with the candidates before.
What kinds of people are suitable to do investigation jobs like yours?
Potential fraud investigators need to like asking questions. They must also like to communicate with customers. They need to respond quickly as timing is important with fraud or scams if you are to recoup money for your customers. Sometimes other knowledge such as forensic accounting would also help.