Bank clients fall victim to internet swindlers

At least a dozen HSBC customers have lost $660,000 to 'phishing' expeditions

Police and bank officials have admitted for the first time that Hong Kong people have fallen victim to crime syndicates using a cyber scam to empty their bank accounts.

The criminals are believed to have masterminded a cyber attack on HSBC in which at least a dozen local victims were swindled out of $660,000.

Yesterday, HSBC said it would consider footing the bill for customers whose accounts were emptied after they were duped into providing user names, passwords and personal details to a bogus website.

The scams are mainly operated by hi-tech criminal syndicates based in eastern Europe.

Overseas experts yesterday told the South China Morning Post the scams, known as phishing, were a huge problem for banks, costing millions of dollars in payouts every week. On average, 80 new phishing sites appear every day, using bogus e-mails to trick people into divulging confidential information.

The Commercial Crime Bureau said yesterday it had arrested eight men and three women connected with the syndicate who were recruited to move stolen money offshore. The arrests follow a two-week investigation by the Technology Crime Division after HSBC clients said they had lost money.

Police have laid theft charges against five of the arrested men and one woman. Two men, aged 21 and 26, will appear in Kowloon City Court and one, 30, will appear in Eastern Court.

Police said that between September 17 and Wednesday, customers received e-mails asking them to click on a link connecting them to a fake HSBC website.

HSBC general manager Raymond Or Ching-fai said the bank would consider sharing some of the cost with the affected customers.

'If there is negligence on the customer's part then both sides must sit down and discuss the matter,' he said. 'By giving away the password to others, I believe there is negligence.'

An HSBC spokeswoman said last night the bank would 'look into compensation for affected customers based on the individual circumstances and a case-by-case basis'.

'We try to stress to our customers that we never send them these e-mails with hyper-links and advise them to put anti-virus protection on their computers,' she said.

The Hong Kong Monetary Authority issued a warning last night on the growing number of fraudulent bank websites and e-mails.

'Millions of phishing e-mails are sent out worldwide by criminals every day with the aim of duping unsuspecting members of the public,' a spokeswoman said.

Anti-phishing expert Alex Shipp, of MessageLabs in Britain, told the Post the syndicates worked by having accomplices transfer the stolen funds into their own accounts, extract the money as cash and move it offshore, 'which makes it very hard to trace'.

'It is definitely big business for the criminals and, because it works so well, they are prepared to invest the time and the money.'

Twenty-three bogus bank websites had been uncovered in Hong Kong this year, police said.