China and Hong Kong: COVID-19 - When fraudsters go phishing in the pandemic - Mitigating cyber fraud risk and maximizing recovery amidst COVID-19

In brief

With the slowdown in economic activity globally due to COVID-19, the number of cyber fraud cases from around the world has surged. The Hong Kong Police, the Action Fraud (UK’s National Fraud & Cyber Crime Reporting Centre), and the Australian Cyber Security Centre, have all recorded a significant increase in COVID-19-related reported incidents since the outbreak of the crisis.


Chinese version


From supply scams related to bulk purchases of personal protective equipment, to business email hacking incidents targeted at companies across sectors most susceptible to supply chain disruption – fraudsters demonstrate a high level of technical and economic sophistication as they exploit the fear and uncertainty created by the pandemic. These frauds can be significant, leading to losses of tens of millions of USD/GBP/EURO.

Cyber fraud is a high-volume and fast-changing global phenomenon. Our team has handled well over 100 cyber fraud incidents in Hong Kong and China. This alert focuses on the latest risks arising out of the current situation, and how we can help recover your money and manage the impact of cyber fraud.

Common cyber frauds

Some of the schemes we continue to see include:

CEO fraud – In this scenario, individuals (often in the finance team) are pressured or misled by email imposters (often coupled with telephone contact) into transferring significant sums of money to fund typically “highly confidential” or "secret" transactions that are said to necessitate bypassing regular internal controls.

Supplier fraud or change of bank fraud – A supplier’s emails have been hacked or spoofed, misleading the victim to change payment instructions and pay actual invoices to the fraudster. Similarly, this may also apply to banks / financial institutions which accept fraudulent email instructions from a customer.

Direct theft via hacking into sophisticated systems – Typically here, the fraudster hacks into a financial institution’s system and issues fraudulent SWIFT instructions under the guise of an existing bank customer, to transfer huge sums of money to overseas accounts. This may only be discovered by the bank the next day during its daily reconciliation exercise.

The initial breach which exposed the victim corporation/bank to these scenarios may have come from a malware-embedded link/phishing email attachment which an employee of the corporation/bank inadvertently clicked into/downloaded.

The increased risks arising from COVID-19

Beware of a variety of new scenarios arising out of the COVID-19 outbreak such as:

Fake vendors – These schemes relate to non-delivery of bulk purchases of personal protective products such as sanitizer gels and face masks, in which millions of dollars have been paid to the fraudsters.

Fraudulent charities – Using phishing emails which mimic non-government health agencies soliciting donations to help fight COVID-19.

False government tax refunds – These schemes use phishing emails containing information relating to false tax rebate initiatives by governments, designed to trick individuals into clicking onto a mal-ware embedded link (dressed up as a link which can access rebate funds) and providing personal financial and tax-related information to the fraudsters.

Other “Click here” scams – Many phishing scams are designed to extract valuable information from victims which could then be misused for financial gain or otherwise. A common tactic in these schemes is luring individuals to click on a link or document to access relevant and topical information regarding cures/vaccines/protective measures and precautions/industry disruptions, from what appear to be trustworthy sources such as NGOs, medical or industry experts. Once clicked, malware that gives the fraudster easy access to information stored on the victim’s computer will be automatically downloaded.

Companies also need to stay vigilant and be aware of potential phishing scams relating to the latest release of the multi-billion economic relief packages by Governments.

We regularly assist our clients with practical tips, like those here, to help minimize risk or maximize the prospect of recovery in the unfortunate event of a cyber fraud incident:

React quickly – This is vital to maximizing the chances of recovery: (a) inform your bank; ask it to reverse the transaction and notify the recipient bank to return/freeze the funds; (b) file a police report; and (c) contact us - we can then follow through with the necessary steps including court action to recover the proceeds.

Staff training and IT system enhancement – These are fast-changing risks. Roll out internal training on the risks involved in cyber fraud, and enhance IT systems to safeguard against the latest threats. We can help prepare training and can facilitate real-life case studies that focus on identifying red flags, and protocols to follow in the event of a suspected fraud to help minimize the loss for the company. We also work with service providers to help test the efficiency of cyber security measures with mock phishing tests and baseline risk assessments.

Contracts and insurance policies – Factor in these risks when negotiating contracts and considering the suitability of insurance policies. For example: if a vendor is hacked, who bears the loss? 

Consider regulatory obligations – Apart from financial loss, other major implications of cyber fraud are the potential loss of valuable and important data, and unwarranted attention from regulators. Companies should keep front of mind the range of regulatory obligations to which they are subject such as those imposed by privacy, securities, monetary and other authorities. 

* * * * *

The COVID-19 crisis is changing the way we work. In an already technology-driven world, these unprecedented times are amplifying the risks posed by cyber fraud. Fraudsters are eager to capitalize on fallibilities and on flaws in IT systems. Fraud may be detected less swiftly as people work remotely. It is imperative that companies are well prepared to manage the impact of cyber fraud.

If you have any questions on the matters covered or need further clarification on any issue, please do not hesitate to get in touch with your usual contact at Baker McKenzie, or the lawyers listed in this Alert.

Contact Information

© 2021 Baker & McKenzie. Ownership: This site (Site) is a proprietary resource owned exclusively by Baker McKenzie (meaning Baker & McKenzie International and its member firms, including Baker & McKenzie LLP). Use of this site does not of itself create a contractual relationship, nor any attorney/client relationship, between Baker McKenzie and any person. Non-reliance and exclusion: All information on this Site is of general comment and for informational purposes only and may not reflect the most current legal and regulatory developments. All summaries of the laws, regulation and practice are subject to change. The information on this Site is not offered as legal or any other advice on any particular matter, whether it be legal, procedural or otherwise. It is not intended to be a substitute for reference to (and compliance with) the detailed provisions of applicable laws, rules, regulations or forms. Legal advice should always be sought before taking any action or refraining from taking any action based on any information provided in this Site. Baker McKenzie, the editors and the contributing authors do not guarantee the accuracy of the contents and expressly disclaim any and all liability to any person in respect of the consequences of anything done or permitted to be done or omitted to be done wholly or partly in reliance upon the whole or any part of the contents of this Site. Attorney Advertising: This Site may qualify as “Attorney Advertising” requiring notice in some jurisdictions. To the extent that this Site may qualify as Attorney Advertising, PRIOR RESULTS DO NOT GUARANTEE A SIMILAR OUTCOME. All rights reserved. The content of the this Site is protected under international copyright conventions. Reproduction of the content of this Site without express written authorization is strictly prohibited.