South China Morning Post
Advertisement
Advertisement
Crime in Hong Kong
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
A source has said the phony email used in the scam matched one used by a supplier. Photo: Shutterstock
Hong KongLaw and Crime

Hong Kong IT security firm ‘saved from HK$5 million email scam by bank employee’

  • Post learns scam targeted company’s CEO and sent out email claiming to be supplier requesting payment
  • Bank employee flagged suspicious account to IT firm boss, allowing police to freeze transaction before money was lost, source says
Crime in Hong Kong
Clifford Lo
Clifford Lo
Why you can trust SCMP

A Hong Kong internet security solution company was duped into transferring HK$5 million (US$639,000) to a dubious account by an email scam, before the scheme was foiled by a bank employee, the Post learned on Thursday.

A source familiar with the case said the scam was discovered last week when the bank staff member checked the transaction with the company’s CEO after finding the account to be suspicious.

The CEO, a 60-year-old man, only realised it was a scam after confirming with his business partner, the insider added.

The source said police thwarted the payment after receiving a report from the victim.

The internet security solution company received an email on Wednesday last week that claimed to be from another business which had supplied it with hardware and software since 2016.

The two businesses typically communicated using emails, including for payment requests.

The suspicious email asked the IT company CEO to settle payments totalling about HK$5 million.

“The next day, he received another email from the ‘supplier’, claiming that the company’s usual bank account used to collect money previously was undergoing scrutiny,” the source said.

“He was asked to transfer the fund to another account with a different bank.”

Hong Kong police arrest 122 suspects over scams totalling HK$91.5 million

The insider said the email address from the suspicious sender matched the supplier’s genuine one, prompting the CEO last Friday to send over the money in a single transaction as instructed.

“The bank staff noticed the transfer of a large sum of money to a suspicious bank account and proactively verified the victim [on the same day],” the source added.

The CEO called police on Friday after he checked with his business partner and discovered the email was a scam.

The source said the force immediately stopped the payment from being processed.

He added that the real supplier’s email could have been hacked by fraudsters to scope out the IT firm.

Crime squad officers have launched an investigation and are trying to track down the holder of the bank account involved.

Hong Kong police log 15 per cent surge in scams in January

Scammers sometimes hack into a target company’s email systems or those of its business partners and spy on their exchanges.

The information can then be used to impersonate senior managers of the company or its business partners and request money transfers under various pretexts.

Police handled 208 reports of email scams involving losses totalling HK$163 million last year.

The city recorded a 42.6 per cent increase in all types of deception to 39,824 cases last year from 27,923 reports logged in 2022. The amount lost rose by 89 per cent to HK$9.1 billion in 2023 from HK$4.8 billion the year before.

Police advised the public to use the force’s “Scameter” search engine, accessible through the CyberDefender website, to check for suspicious or fraudulent schemes.

The search engine has information to help users identify suspicious web addresses, emails, platform usernames, bank accounts, mobile phone numbers and IP addresses.

Post