A review of cyber fraud involving payments into fraudulent bank accounts in Mainland China
Background
The continuous development of cyber technology has also resulted in cybercrime permeating into various industries and markets. We have recently received various queries regarding international trade-related cyber fraud incidents seeking assistance with the recovery of funds wrongfully paid into a third-party bank account opened in Mainland China. This article reviews the common approaches used by fraudsters to take advantage of such bank accounts, and offers guidance on effective remedies for recovering the funds as well as precautions to minimise such risks.
Cyber Fraud in International Trade
By comparing the various cyber fraud cases we have come across, we were able to summarise the procedures criminals frequently take to defraud their targets, as follows:
STEP 1 – The fraudsters hack into the email systems or other instant messenger services such as WhatsApp and WeChat used by the seller and buyer to communicate, and steal the relevant trading information.
STEP 2 – They use newly created email addresses or instant messenger accounts that look very similar to the real ones used by the trading parties, and communicate by impersonating the real parties, blocking and procuring trading details, and become the interface between the parties.
STEP 3 – Once the transaction is at the shipment and payment stage, the fraudsters will falsely allege, by impersonating the seller, that they need to change the recipient bank account for some reason (e.g. tax regulation) which may sound quite reasonable, and they thus require the buyer to remit the funds to a third-party bank account designated by them, in this case, one which was opened at a local bank in mainland China.
STEP 4 –The criminal actors vanish after transferring the funds out of the third-party bank account.
Obstacles
It is usually difficult to investigate cyber fraud cases which occur in an international trade setting without cross-border cooperation because the parties involved are often based in different countries/regions across the world. In this context, it is quite challenging to verify the location of the fraud and the identity of the fraudsters. Moreover, as the fraudsters usually transfer the funds immediately after receiving them, unless the victims freeze the funds or attach the bank account in time, recovery will be very challenging.
Remedies
In cyber fraud cases, payments are usually requested by way of remittance because this approach is fast, and leaves little time for victims to respond or take the necessary measures to suspend the transactions. However, if the victims do not take remedial measures as soon as they become aware of the potential fraud, they will most likely miss the best opportunity for holding on to their funds, and may face a difficult and expensive recovery exercise as well as potential exposure to further losses.
The victims are thus advised to seize the golden opportunity and take imminent and effective measures to prevent the funds being transferred or dispatched as soon as they suspect fraud. The following remedies are set out for your consideration:
A. Send a Notice Suspending the Release of Funds to the Recipient Bank
In practice, if the beneficiary uses a bank account opened in mainland China to receive a remittance from overseas, they will need to settle the foreign exchange at the recipient bank before they can actually control, dispose of, or transfer the funds into the account. Therefore, a victim may opt to issue a Notice Suspending the Release of Funds, or some similar message, to the recipient bank either directly from themselves or via the paying bank, explaining that the payment may involve cyber fraud, and request that the recipient bank prevent the beneficiary from settling the foreign exchange or disposing of the relevant funds, until further investigation and/or a decision from the judicial authorities.
To have the funds released as soon as possible, cyber fraudsters would normally forge the relevant trading documents, including sales contracts, invoices, bills of lading and customs declarations, etc. and provide the same to the recipient bank for settlement of the foreign exchange. If the said Notice could be sent to the recipient bank in a timely manner, it would be an effective warning, reminding them to be extremely cautious in reviewing the documents tendered for the release of funds. Any delay in sending the Notice may put the victim at a disadvantage for the recovery of the funds.
B. Report to the Police for Criminal Investigation
During a criminal investigation, the local Police may decide to freeze any funds and payments to prevent the fraudster from transferring the funds.
In accordance with the relevant provisions of the Criminal Procedure Law of PRC, the Police may, for the purpose of the criminal investigation, inquire about, or freeze the deposits, remittances, and other property of the criminal suspects. However, the precondition for the Police taking these measures is that they have decided to accept the case and established jurisdiction over it, which may not be straightforward in practice as it usually involves cross-border transactions.
C. Apply for an Asset Preservation Order and File a Civil Action
In the event that the Police in mainland China refuses to accept or register the case, the victims are advised to file an Application for an Asset Preservation Order before the court where the receiving bank is located so as to freeze the beneficiary’s bank account, preventing the fraudsters from transferring the funds.
PLEASE NOTE, as required by the Civil Procedure Law of PRC, the applicant for a pre-litigation Asset Preservation Order will need to provide counter security. Moreover, substantive proceedings will have to be commenced within 30 days from the date when the court issues the Order. If substantive proceedings are not commenced within the prescribed time limit, the Order shall be lifted by the court.
Precautions
Given the difficulty and expense of carrying out the post-fraud remedies listed above, it would be advisable to take precautionary measures beforehand so as to minimise the risk of suffering those losses. For example:
- Conduct a detailed check and verification of the email address or instant messenger account used by the seller during communications, particularly when receiving the payment instructions. In practice, it might be difficult to discover, at first sight, the discrepancy with the email address used by the fraudster upon receipt of the emails but it will be easier to spot the difference after clicking the “reply” button. You are advised to pay particular attention to the suffix of the email address (the part that lies to the right of the @ symbol), which would normally be significantly different from the real email address.
- Pay attention to the seller’s address and contact details as displayed in the email signature or the instant messenger account and see if they are consistent with the ones previously known to you or provided in the public domain.
- Investigate through third-party professionals the authenticity of the reasons provided to change the bank account details, as well as the relationship between the seller and the holder of the new bank account.
- Re-confirm, through video calls, the identity of the seller and the authenticity of the payment instructions and/or the change of bank account.
- Set up a well-rounded internal payment review process.
- Establish a robust security procedure or purchase insurance for cyber fraud exposure.
The processes used to carry out cyber fraud in international trade are changing constantly, and they are far more sophisticated than we expect. It is challenging to judge whether the relevant information received from third parties is authentic or false. While it is always important to stay vigilant during the course of business, it is also a good practice to seek assistance from third-party professionals (such as investigation companies, lawyers, or insurance companies) during the course of business so as to lower the risk of being defrauded, to mitigate losses and, more importantly, to maximise the chances of recovery in the event of fraud.