According to the FBI, the number of victims of email bank fraud has increased significantly, by about 270%, since January 2015.
This particular cybercrime has various names: “CEO Fraud” – because the fraudster impersonates the company’s CEO, when giving the instructions to make the payment; “fake President scam”; “business email compromise”; “man-in-the-middle scam” and “man-in-the-email” fraud.
Worldwide, over $2.3 billion has been lost to this scam.
The fraud usually operates as follows: the fraudster hacks into victim’s email account system and pretends to be the CEO of the company or an established overseas supplier to the company. Typically, the fraudster will use an email address which is similar to the CEO/supplier’s authentic email address save for the substitution of one character in the email address for a similar or combination of characters (for example, putting “r n” in place of “m” or “l” in place of “i”).
Impersonating the CEO or supplier, the fraudster sends an email to the company’s financial controller instructing him/her to make a payment by wire transfer to an account. The victim duly wires the funds to the nominated recipient account. After the payment is made, the victim discovers that the recipient account is not the account of a genuine supplier or anyone known to the company. Often, the victim will immediately contact its bank, trying to stop the wire transfer from going through, but typically the funds would have already been sent to the fraudster’s account.
Regrettably, monies stolen using business email compromise scams are often traced to Hong Kong. Bank accounts at branches and financial centers in Hong Kong are one of the most common destinations for such stolen funds. Fraudsters frequently incorporate front-companies in Hong Kong, which carry on no genuine business and whose sole purpose is to receive wire transfers from overseas victims.
If you are a victim of a business email compromise and you have reason to believe the funds have been sent to Hong Kong, you should immediately make a complaint to the Hong Kong Police, without any delay.
A report can be made online through the Hong Kong Police website. Usually, the matter would be dealt with by the Cyber Security Division at Arsenal House, Police Headquarters, 1 Arsenal Street, Wan Chai, Hong Kong. The Hong Kong Police will usually investigate the matter as a money-laundering case and, typically, the Hong Kong Police will notify the recipient bank in Hong Kong.
Once the recipient bank receives notification from the Hong Kong Police, the recipient bank will usually freeze the stolen funds and keep them frozen for sufficient time to enable the victim to recover the funds through civil proceedings commenced in either the High Court or District Court of Hong Kong.
Importantly, the recipient bank will not keep the funds frozen indefinitely, so it is important for the victim to retain a firm of Hong Kong solicitors to assist in recovery of the funds through proceedings in court.
Payne Clermont Velasco has assisted several clients successfully to recover monies stolen via business email compromise scams. In recognition of our work in this area, Payne Clermont Velasco was awarded the “Business Law Firm of the Year” by Lawyer Monthly magazine, in 2015.
If you need assistance in respect of a business email compromise matter, please contact Gregory Payne at email@example.com