HK$9.6 m targeted in online banking scam

More than HK$9.6 million held in company bank accounts was targeted in a sophisticated e-mail scam that tricked 13 people into revealing the code generated by personal security devices banks issue for customers to conduct transactions online, police say.

The e-mails contained malware disguised as an attachment that steered the victims to websites that looked like banks' actual sites, where the customers then typed in their security code and log-in details.

Anthony Cheng Hung, chief inspector with the police's technology crime division, said three mainlanders, aged 49 to 52, were arrested last month over an unsuccessful attempt to transfer HK$1.9 million from victims' accounts. They are scheduled to appear in Eastern Court on May 20.

"There is a lot of malware in this world, and it is getting more and more advanced. So we need to improve people's security awareness," Cheng said.

The latest cases, which occurred across the first four months of the year, mark a sharp increase over the five cases recorded last year.

Although HK$9.66 million was involved, only HK$2.8 million was successfully transferred to overseas accounts, some in Britain, the United States, the Czech Republic and the mainland, police said. Other transactions were interrupted when victims' discovered what was happening before the process ended.

Fraudsters sent out e-mails - purporting to come from the victims' actual bank - along with a zip file attachment. Opening the attachment allowed for malware to be inserted into their computers. When the victims tried to open the website of the actual bank, the programme steered them to a similar but fake one.