Hong Kong is in the grip of a multimillion-dollar email scam crisis that has seen the average amount of money tricked out of its victims - whose annual numbers run into the hundreds - increase more than a third compared with last year, according to police. Crooks steal the email identities of legitimate traders, then pose as business vendors to elicit payments from their clients. The racket has seen the total sum scammed out of businesspeople rise to HK$605 million from 489 victims in the first six months of this year, compared to HK$983 million across 1,095 companies for the whole of 2014. In a case revealed by police yesterday, a supply-management company lost HK$1.8 million to fraudsters pretending to be owners of the firm, who sent an email ordering staff to remit money to a foreign account. The online crimes come amid a separate, ongoing police investigation into a rash of cases in which well-off Hongkongers have been duped into depositing money into mainland accounts. Police warned business executives their emails were at risk of being hacked by con artists. A local interior designer said she was duped into transferring HK$13,500 to the mainland in May, believing she was dealing with a legitimate local vender. "The emails looked so fine, like any of those I had received over the past five years," she said, adding: "I have been doing business with him via email for years. So this time, I did not even think, as I trusted him." Instead of requesting that the money be placed into the vendor's local bank account, the fraudster gave her a mainland bank account. But to lessen suspicion, the bogus vendor stayed in contact with the interior designer for two more months. The number of email-fraud cases actually dropped to 489 in the year to June, compared with 1,095 cases reported for all of last year and 1,153 cases in 2013. The amount scammed, however, rose dramatically, from HK$900,000 per case on average last year, to more than HK$1.2 million this year. The police cybersecurity bureau, set up this year, said hackers of email accounts typically spent months studying the correspondence of target companies, so the scam emails would look genuine. "The emails looked just like previous ones from their legitimate business partners. They even added a personal touch, such as, 'How was your holiday in Thailand?' to evade suspicion," chief inspector Sean Lin of the bureau said. Lin appealed to people to use alternative forms of communication - such as the telephone - to verify all requests for payment. He admitted email scams were difficult to trace, as 90 per cent of the hackers were based overseas. He said police would work with overseas agencies like Interpol to pursue the criminals. In the case of the supply-management company, police were alerted by a complaint from a female employee on Tuesday. "Following instructions in the email, she sent US$232,500 to an overseas bank account in two separate remittance transfers," a police spokesman said. The staff member realised she had been swindled after discovering her client did not receive the money.