South China Morning Post
Advertisement
Advertisement
Scams and swindles
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
Hackers stole US$6.6 million after getting access to the email of the company’s CFO. Photo: Shutterstock
Hong KongLaw and Crime

Singapore sting: international company in Hong Kong hit by US$6.6 million hacking scam

  • Firm’s financial controller conned into transferring funds into Singapore bank account after crooks took control of CFO’s email
  • Police working with overseas counterparts to retrieve money
Scams and swindles
Clifford Lo
Clifford Lo
Why you can trust SCMP

A Hong Kong-based international corporation has been conned into transferring US$6.6 million (HK$51 million) into a Singapore bank account in an email scam.

A police source said they believed international swindlers hacked into the email account of the company’s CFO, impersonated her, and instructed its financial controller to make the money transfers.

Officers in Hong Kong are working with their Singapore counterparts to retrieve the money.

“Between October 28 and November 5, the financial controller received four emails, purportedly sent out by the CFO, ordering him to settle the consultation fees and transfer US$6.65 million to a bank account in Singapore,” the source said.

As instructed, the financial controller transferred the money in four transactions, as the right documents were attached to the emails and there was nothing suspicious about the email address they were sent from.

The police have declined to name the company, which has offices in Taikoo Place. Photo: Handout

The controller discovered it was a scam on Thursday evening, when he found out the chief financial officer had not sent the email.

Police have declined to name the company involved, which has offices in Dorset House, in Taikoo Place, in Quarry Bay.

As of Friday afternoon, the source said officers from the force’s Anti-Deception Coordination Centre were still trying to retrieve the money.

Between January and August this year, the anti-fraud squad blocked the transfer of about HK$2.3 billion connected to 580 deception cases and prevented victims in more than 180 such cases from sending money to fraudsters.

The centre, set up in 2017 to pool police resources for tackling online scams, halted 1,174 payments worth more than HK$4.45 billion to international fraudsters between July 2017 and December 2019. About two-thirds of that amount was intercepted in 2019.

Hong Kong-listed company investigated over HK$95 million gold scam

This year’s largest email scam involved a US branch of a Japanese bank that was tricked into transferring HK$314 million into five Hong Kong bank accounts. Police managed to intercept nearly HK$240 million of the money before it was transferred out of the bank accounts, but fraudsters still managed to bag about HK$70 million.

It was one of the 332 cases of commercial email fraud recorded in the first six months of this year, with a total of HK$1.23 billion stolen. In the same period last year, there were 279 cases involving HK$1.12 billion.

Fraudsters typically hack into the email accounts of targeted companies and businesspeople, before using the information gleaned to impersonate their business partners, clients or senior executives and eventually order money transfers.

Many of the victims and companies that fell victim to email scams are not in Hong Kong. Local police became involved because the money was transferred into bank accounts in the city.

Post