There has been a dramatic increase in email scams and other online business frauds lately in Hong Kong, with the total financial losses caused by computer crime cases amounting to GBP192.52 million in 2015.
Some common forms of cyber fraud are hacking, phishing, spear-phishing and business email compromise (“BEC”). In most cases of hacking and BEC, criminals illegally break into the email systems of enterprises or even banks. They then search for email conversations regarding the company’s or the individual’s financial transactions. As soon as a transaction is identified, the fraudster may pretend to be a bank, lawyer, accountant, customer or even a senior management officer of the victim company, and ask for funds to be transferred into a specific bank account; a common reason given is that there is a "problem" with the relevant bank.
In some cases of phishing and spear-phishing, the fraudsters pose as either customers or senior management officers of the company, and give instructions from an email address whose domain name is highly similar to the company's. The fraudulent instructions are always accompanied by forged invoices and other “documentary support” to deceive the employees executing the instructions.
Hong Kong has also become the top destination of fraudulent wire transfers, followed by China, Malaysia, Taiwan, South Korea, Nigeria, the UAE, Japan and Indonesia. There has been a 38 per cent rise in hacking incident reports this year, according to Hong Kong's cybersecurity watchdog. Experts in cybersecurity suggest that a general lack of awareness of cybercrime in Hong Kong contributes to the surge in related crimes in the region.
The Cyber Security and Technology Crime Bureau (“CSTCB”) was established in 2015 by the Hong Kong Police Force to carry out technology crime investigations as well as to raise public awareness of the risks associated with social media. CSTCB suggests the following measures for corporations to enhance cyber security:
- Set and change personal passwords regularly;
- Keep personal information safe. Encrypt files to lessen the risk of leakage if the information has to be saved in file format;
- Install and activate a firewall programme;
- Apply the latest updates or software security patches for the computer operating system;
- Install anti-virus software and update the virus definition file frequently;
- Run anti-virus scans on computers regularly to lessen the risk of infection by virus;
- Don't use the same login name and password for different online accounts;
- Verify unknown email identities; and
- Provide a cyber security and computer use policy and regular training to the staff to enhance their awareness of cyber fraud.