China and Hong Kong: COVID-19 - When fraudsters go phishing in the pandemic - Mitigating cyber fraud risk and maximizing recovery amidst COVID-19

In brief

With the slowdown in economic activity globally due to COVID-19, the number of cyber fraud cases from around the world has surged. The Hong Kong Police, the Action Fraud (UK’s National Fraud & Cyber Crime Reporting Centre), and the Australian Cyber Security Centre, have all recorded a significant increase in COVID-19-related reported incidents since the outbreak of the crisis.


Chinese version


From supply scams related to bulk purchases of personal protective equipment, to business email hacking incidents targeted at companies across sectors most susceptible to supply chain disruption – fraudsters demonstrate a high level of technical and economic sophistication as they exploit the fear and uncertainty created by the pandemic. These frauds can be significant, leading to losses of tens of millions of USD/GBP/EURO.

Cyber fraud is a high-volume and fast-changing global phenomenon. Our team has handled well over 100 cyber fraud incidents in Hong Kong and China. This alert focuses on the latest risks arising out of the current situation, and how we can help recover your money and manage the impact of cyber fraud.

Common cyber frauds

Some of the schemes we continue to see include:

CEO fraud – In this scenario, individuals (often in the finance team) are pressured or misled by email imposters (often coupled with telephone contact) into transferring significant sums of money to fund typically “highly confidential” or "secret" transactions that are said to necessitate bypassing regular internal controls.

Supplier fraud or change of bank fraud – A supplier’s emails have been hacked or spoofed, misleading the victim to change payment instructions and pay actual invoices to the fraudster. Similarly, this may also apply to banks / financial institutions which accept fraudulent email instructions from a customer.

Direct theft via hacking into sophisticated systems – Typically here, the fraudster hacks into a financial institution’s system and issues fraudulent SWIFT instructions under the guise of an existing bank customer, to transfer huge sums of money to overseas accounts. This may only be discovered by the bank the next day during its daily reconciliation exercise.

The initial breach which exposed the victim corporation/bank to these scenarios may have come from a malware-embedded link/phishing email attachment which an employee of the corporation/bank inadvertently clicked into/downloaded.

The increased risks arising from COVID-19

Beware of a variety of new scenarios arising out of the COVID-19 outbreak such as:

Fake vendors – These schemes relate to non-delivery of bulk purchases of personal protective products such as sanitizer gels and face masks, in which millions of dollars have been paid to the fraudsters.

Fraudulent charities – Using phishing emails which mimic non-government health agencies soliciting donations to help fight COVID-19.

False government tax refunds – These schemes use phishing emails containing information relating to false tax rebate initiatives by governments, designed to trick individuals into clicking onto a mal-ware embedded link (dressed up as a link which can access rebate funds) and providing personal financial and tax-related information to the fraudsters.

Other “Click here” scams – Many phishing scams are designed to extract valuable information from victims which could then be misused for financial gain or otherwise. A common tactic in these schemes is luring individuals to click on a link or document to access relevant and topical information regarding cures/vaccines/protective measures and precautions/industry disruptions, from what appear to be trustworthy sources such as NGOs, medical or industry experts. Once clicked, malware that gives the fraudster easy access to information stored on the victim’s computer will be automatically downloaded.

Companies also need to stay vigilant and be aware of potential phishing scams relating to the latest release of the multi-billion economic relief packages by Governments.

We regularly assist our clients with practical tips, like those here, to help minimize risk or maximize the prospect of recovery in the unfortunate event of a cyber fraud incident:

React quickly – This is vital to maximizing the chances of recovery: (a) inform your bank; ask it to reverse the transaction and notify the recipient bank to return/freeze the funds; (b) file a police report; and (c) contact us - we can then follow through with the necessary steps including court action to recover the proceeds.

Staff training and IT system enhancement – These are fast-changing risks. Roll out internal training on the risks involved in cyber fraud, and enhance IT systems to safeguard against the latest threats. We can help prepare training and can facilitate real-life case studies that focus on identifying red flags, and protocols to follow in the event of a suspected fraud to help minimize the loss for the company. We also work with service providers to help test the efficiency of cyber security measures with mock phishing tests and baseline risk assessments.

Contracts and insurance policies – Factor in these risks when negotiating contracts and considering the suitability of insurance policies. For example: if a vendor is hacked, who bears the loss? 

Consider regulatory obligations – Apart from financial loss, other major implications of cyber fraud are the potential loss of valuable and important data, and unwarranted attention from regulators. Companies should keep front of mind the range of regulatory obligations to which they are subject such as those imposed by privacy, securities, monetary and other authorities. 

* * * * *

The COVID-19 crisis is changing the way we work. In an already technology-driven world, these unprecedented times are amplifying the risks posed by cyber fraud. Fraudsters are eager to capitalize on fallibilities and on flaws in IT systems. Fraud may be detected less swiftly as people work remotely. It is imperative that companies are well prepared to manage the impact of cyber fraud.

If you have any questions on the matters covered or need further clarification on any issue, please do not hesitate to get in touch with your usual contact at Baker McKenzie, or the lawyers listed in this Alert.

Contact Information

Copyright © 2022 Baker & McKenzie. All rights reserved. Ownership: This documentation and content (Content) is a proprietary resource owned exclusively by Baker McKenzie (meaning Baker & McKenzie International and its member firms). The Content is protected under international copyright conventions. Use of this Content does not of itself create a contractual relationship, nor any attorney/client relationship, between Baker McKenzie and any person. Non-reliance and exclusion: All Content is for informational purposes only and may not reflect the most current legal and regulatory developments. All summaries of the laws, regulations and practice are subject to change. The Content is not offered as legal or professional advice for any specific matter. It is not intended to be a substitute for reference to (and compliance with) the detailed provisions of applicable laws, rules, regulations or forms. Legal advice should always be sought before taking any action or refraining from taking any action based on any Content. Baker McKenzie and the editors and the contributing authors do not guarantee the accuracy of the Content and expressly disclaim any and all liability to any person in respect of the consequences of anything done or permitted to be done or omitted to be done wholly or partly in reliance upon the whole or any part of the Content. The Content may contain links to external websites and external websites may link to the Content. Baker McKenzie is not responsible for the content or operation of any such external sites and disclaims all liability, howsoever occurring, in respect of the content or operation of any such external websites. Attorney Advertising: This Content may qualify as “Attorney Advertising” requiring notice in some jurisdictions. To the extent that this Content may qualify as Attorney Advertising, PRIOR RESULTS DO NOT GUARANTEE A SIMILAR OUTCOME. Reproduction: Reproduction of reasonable portions of the Content is permitted provided that (i) such reproductions are made available free of charge and for non-commercial purposes, (ii) such reproductions are properly attributed to Baker McKenzie, (iii) the portion of the Content being reproduced is not altered or made available in a manner that modifies the Content or presents the Content being reproduced in a false light and (iv) notice is made to the disclaimers included on the Content. The permission to re-copy does not allow for incorporation of any substantial portion of the Content in any work or publication, whether in hard copy, electronic or any other form or for commercial purposes.