Skip to content

Home » Publications » Evolution of Electronic Fraud in Hong Kong

Evolution of Electronic Fraud in Hong Kong

Introduction

In the past 50 years, we have seen a lot of changes in the ways people communicate with each other and conduct transactions.  Emails and telephone messages have become commonplace.  Payments can be made instantly with the click of a few keys.

The increased use of electronic communications and online transactions, however, has led to opportunities for fraud and deception.  Hong Kong has witnessed a significant rise in the number as well as complexity of electronic fraud schemes, which calls for heightened awareness by law enforcement agencies, legal professionals as well as the general public. 

In this article, we examine the types of electronic fraud schemes which are commonly seen, and how the deception tactics used by fraudsters have evolved.  Additionally, we look at emerging threats, such as the use of AI deepfake technologies and digital currencies, which are making it more difficult to detect electronic fraud and to trace the stolen funds.

Deception by Impersonation

Impersonation is the most commonly used tactic in electronic fraud schemes, and it can take different forms.

The fraudster may impersonate as the victim, for example by hacking into the email account of the victim, and then send instructions purportedly from the victim to financial institutions for transfer of funds to a bank account of the fraudster or an associate of the fraudster.

Alternatively, the fraudster may impersonate as a person who is in a position of authority or trust over the victim and then exploit such authority or trust to convince the victim to part with his monies.  For example, the fraudster may impersonate as an officer from public authorities; or it may use an email or telephone account which has a deceptively similar name as, for instance, the victim’s friend or colleague, to communicate with the victim.

Use of Third Party Accounts

In addition to the traditional fraud schemes, in recent years, we have come across increasingly creative means used by fraudsters to obtain the victim’s funds.

In particular, instead of using his own account to receive the victim’s funds, fraudsters often use a third party’s account to do so, which makes it difficult for the victim and law enforcement agencies to track the fraudster’s identity and also facilitate further dissipation of the victim’s funds. 

There are various ways by which the fraudster may make use of third party’s accounts.  The third party could be an associate of the fraudster, or a company under the name of a person who has allowed the fraudster to use his identity but is otherwise not involved in the fraud.  Either way, although the account is not in the fraudster’s own name, the fraudster has control of it.

The third party could also be someone who is entirely unconnected with the fraudster, for instance a goods supplier.  The fraudster may pretend to be a customer who wishes to purchase goods from the supplier; but instead of using his own monies to fund the purchase, the fraudster deceives the victim into making payment to the supplier.  The fraudster therefore benefits by getting the goods without having to pay for them, and the victim therefore loses his funds as a result of the deception.  The supplier, often an unsophisticated trader who is only concerned about getting paid for his goods rather than the source of the funds and the identity of his customers, would not be aware of the fraud at the time of receiving payment.  In such a scenario, the supplier would have unknowingly participated in the fraud and may face a claim by the victim for the return of the funds.  

Worse still, if the supplier then makes further payment to other parties using the victim’s funds, those other parties may face claims by the victim as well. 

The use of virtual bank accounts is also becoming prevalent.  Under this type of arrangement, a person can set up a virtual bank account in his name to receive payment, but such virtual account does not actually hold any money; instead, any money paid to it would be automatically directed to a physical bank account.  In fraud schemes, such physical bank account may be held by a payment collection agency; and the fraudster in turn maintains an account with the agency.  This increases the time and effort which the victim needs to find out the true identity of the fraudster and details of the fraudster’s account, especially if the victim is overseas.  The mixing of funds in the physical bank account also presents difficulty in the victim’s recovery of his lost funds.

Emergence of AI Deepfake Technology and Digital Currency Exchange

In addition to the schemes mentioned above, advanced technologies are providing new tools for creating deceptions and channels to facilitate the illegal dissipation of funds.

The emergence of AI deepfake technology enables fraudsters to create hyper-realistic images, videos, and audio that can be used for deception.  A recent example is where a finance worker in a multinational firm was tricked into paying US$25 million to a fraudster disguised under an AI deepfake identity.  The victim initially received a message from someone purported to be the company’s UK-based chief financial officer, demanding a secret transaction to be made.  Although the victim had some suspicion, he was invited to a video conference which was attended by whom he thought to be his other colleagues.  Yet, it transpired that every person (except the victim himself) in that video conference was created by AI deepfake technology.   

It is also worrying that AI deepfake technology could be used to deceive the facial recognition programmes and even evade the security process in registering and logging into bank accounts.  As such technology becomes more accessible and advanced, it is important for everyone to stay vigilant and to ensure that proper verifications are made in online interactions.

Fraudsters are also making use of digital currency exchanges to convert physical funds into digital currencies, exploiting the perceived security and anonymity offered by such exchange platforms.  This method allows fraudsters to obscure the origins of their funds and move them across borders within a short period of time without attracting the scrutiny typically associated with traditional banking systems.

What You Should Do

There are three steps which should be taken immediately if you find yourself a victim of electronic fraud which involves money being sent to a bank account in Hong Kong. Time is of the essence.

Firstly, you should contact your own bank and the recipient bank immediately to try to recall the fund transfer and notify the banks about the fraud. 

Secondly, you should make a report to the Hong Kong Police.  This can be done either in person at a Police station or online via the Anti-Deception Coordination Centre of the Police (https://www.adcc.gov.hk/).  In appropriate cases, the Police may issue a document called “Letter of No-Consent” to the recipient bank which would have the effect of freezing the recipient bank account containing funds obtained from the fraud while further investigation takes place.

Thirdly, in order to recover the funds, you shall commence civil court action against the fraudster and/or other relevant parties.  In some cases, it may be advisable to seek immediate injunctive relief to prevent further dissipation of the funds, or to seek disclosure order to trace other recipients of the funds.  Even if the funds in question have been frozen, civil action should be taken as soon as possible as there may be competing claims made against the same recipient defendant.

At the same time, businesses should conduct reasonable due diligence on new customers and their source of funds, especially in case of one-off transactions involving large sums of monies, to reduce the risk of becoming unknowingly involved in electronic fraud.

How Haldanes can help you

At Haldanes, we have extensive experience in handling electronic fraud cases, assisting victims in making police reports and taking civil recovery actions, as well as providing legal assistance to entities who face claims.  In Zief Incorporated v. Creator Universal (HK) Limited & Ors [2021] HKCFI 730, we successfully sought full recovery for the victim in an email fraud case where, akin to the scenario mentioned above, the recipient of the victim’s monies claimed to be a supplier who had no knowledge of the fraud, but the Court held that it was liable to repay the Plaintiff.  

* * * * *

The rapid advancement of information technology in the past decades has led to the rise and evolution of electronic fraud.  Prevention is always better than cure; the first step of prevention is to understand the common forms of electronic fraud and how they usually happen.  At the same time, swift legal actions help mitigate losses and hold perpetrators accountable.  By fostering a culture of vigilance and responsiveness, we can better protect ourselves and our communities from the pervasive threat of electronic fraud.

Disclaimer: This article is provided for information purposes only and does not constitute legal advice. Please contact us directly if you wish to seek advice about your specific circumstances.

Related Publications

Haldanes 2026 Promotion Announcement: Florence Yan and Christina Ma Promoted to Senior Associates in Criminal Defence Department

Haldanes Law Matters – Episode 28 With Guest Geoffrey Ma

Podcasts

Haldanes contributed to World Bank’s Business Ready 2025 Report – Market Competition section

Sign up for our exclusive legal newsletter

Tune in to our podcast

Haldanes Law Matters