Changing trends in cyber fraud

06Feb2018

As another year passes, the number and complexity of cyber frauds continues to grow. In this article we discuss three developments of 2017, which we expect to see continue this year.

Traditionally, email hacking identity theft fraud was easy to detect. In an all too common scenario a fraudster would gain knowledge of a company’s email-identifiers and impersonate a business client with an invoice due, or an internal officer with authority over the accounts. He would swap out a single digit of their email address, for example replacing “joshua@business.com” with “ioshua@business.com”, before using emails offering new account details to accommodate a tax demand, or similar.

Increasingly, however we are seeing email accounts that have been internally compromised. Fraudsters are able to access and peruse the account without the knowledge of the account holder, and thereafter to adopt the drafter’s writing style, send payment instructions from the correct email address and even delete messages that have been sent, prolonging the time it takes to discover the fraud.

The second major development has been the use of multi-country layering. Fraudsters now frequently set up internet banking facilities across Asia, the Middle East and Europe and dissipate payments in a series of significantly smaller wire transfers. With each new jurisdiction the economies of scale that make recovery worth pursuing diminish, and victims of fraud today have less and less time to effectively react. Whilst prevention will always be better than cure, there is increasing value in stemming the flow of money as promptly as possible, particularly before it leaves Hong Kong.

The third change is the greater use of “mule” accounts to funnel money. Mule accounts serve other trading purposes and have been presented in support of arguments that the beneficiary received the victim’s monies as part of a deal of some sort, has paid for it in some way, and should be entitled to keep it. We believe this increase to be a result of the explosion in underground banking that has followed the Mainland’s regulation of currency export. Happily, recent court decisions have scrutinised such claims closely, rejecting them where inconsistencies remain.

What to do if you think you or your business has been the victim of fraud?

Call the bank. If the fraud is identified very promptly, ensure you contact the recipient bank and ask that the payment is not credited to its customer’s account, explaining the fraud and providing as much supporting documentation as you can at that stage.

  • Once the funds have been credited you will have to target that account as we describe below, though before that there is a window of up to 48 hours in which the international banking system may provide a means of returning the payment.
  • We can assist in these circumstances by liaising with the banks and where necessary obtaining a quia timet (or “because he fears”) injunction, which will prevent the bank from depositing the funds into its customer’s account, buying you crucial time to investigate and substantiate your tracing and recovery claim.

Call the police. The Hong Kong Police have jurisdiction over any money paid to Hong Kong as part of a fraud or otherwise illegally, and you can make a report promptly using the e-report room here, and by calling (852) 2527 7177.

  • On receipt of a well prepared report the police will act swiftly and may issue a “letter of no consent” under the organised and serious crimes regime. This will have the effect of freezing such monies as remain in the account, temporarily preventing further dissipation.
  • If the police investigations reveal the monies to be the proceeds of fraud or a serious crime, they will in due course be sequestrated to the Government.

Call us. We assist with tracing and recovery, and typically obtain orders within 48 hours of instruction. Victims with prospects of recovery will wish to issue civil proceedings that can be enforced against the account, and may wish to assist the criminal investigations by providing such information as they are able to obtain about the fraud.

  • A Norwich Pharmacal or disclosure order will relieve the Hong Kong bank to which your money was sent of its confidentiality obligations to the fraudster’s account, and reveal where your money was onward paid, and to whom. This informs the direction of your recovery litigation. It is often possible to obtain the balance of the fraudster’s account within 24 hours of the order.
  • If the fraud is fresh, or there is evidence of assets within the account, a Mareva injunction order will issue to compel the preservation of such monies as remain in the account. Banks in Hong Kong generally give effect to Mareva injunctions by freezing the account, preserving your assets pending completion of civil proceedings issued against the fraudster and those who have received proceeds.
  • Gagging” provisions can be added to both orders, and assist particularly in the case of larger frauds where there is a risk of multi-country layering and where recovery efforts would be hampered were the defendant to tip off his co-conspirators.

If you think you have been the victim of fraud please contact:

Jeff Lane
Partner | Email

Disclaimer: This publication is general in nature and is not intended to constitute legal advice. You should seek professional advice before taking any action in relation to the matters dealt with in this publication.