Email Scam

Nowadays, email is a common form of communication channel for liaising with relatives and friends as well as commercial partners.  Culprits would hack email accounts and cheat victims by all possible means to make remittances.  Some victims have suffered significant amount of losses in some cases.   Here are some common scenarios:

Example 1 (Corporate level): “Change of supplier bank details”
Fraudsters knew from stolen emails about the transactions of Company A (the seller, the consignor) and Company B (the buyer, the paying company).  Later, fraudsters, pretending to be Company A, sent fictitious emails (which are very similar to genuine emails) to Company B, claiming that the email address and payment receiving bank account number have changed, and requesting Company B to credit the amount payable to the designated account.  Afterwards, when contacting Company A by phone, Company B found out that it had been deceived by fictitious emails and suffered losses both in money and business reputation.

Example 2 (Personal level): “Overseas relatives/ friends need immediate money remittance”
After hacking into a personal email account, fraudsters sent out deceptive emails to all persons on the contact list of the account.  The email defrauded that the sender had encountered an accident overseas and requested the victims to transfer money to accounts designated by the fraudsters as a matter of emergency.  Some victims made the remittance without further verification and only realised that they had been cheated when contacting their relatives or friends.

Police appeal:
The Police call on all members of the public to be alert of suspicious emails, and raise their awareness in preventing this kind of scam, such as taking the initiative to confirm the true identities of recipients or the genuineness of the requests by telephone, facsimile or other means before remittances, so as to prevent such kind of scam.

IT security tips to prevent hacking:

Email and password security Computer system security
  • Safeguard personal data, including personal and commercial email accounts to prevent from being stolen by culprits;
  • Do not use computers in public places to access personal email box, use instant messaging software and e-banking, or carry out other operations involving sensitive data;
  • Set proper passwords and change them regularly;
  • Do not open emails of dubious origins;
  • Do not download attachments of suspicious origin or nature;
  • Use anti-virus software to scan for virus before opening attachments.
  • Use genuine software;
  • Update software with patches provided by software developers;
  • Install and turn on firewall and intrusion detection system;
  • Update virus and spyware definition files;
  • Use anti-virus software to scan computers regularly;
  • Do not download software of suspicious origin or nature;
  • Protect wireless networks.