A construction materials company based in Europe has been conned out of $7m by scammers in Hong Kong who impersonated one of its senior managers.
The loss, the largest reported to the Hong Kong authorities this year, is part of a surge of email-based fraud in the region.
The South China Morning Post reports that the crooks first hacked into the company’s server, after which they were able to send emails from the account of a US-based executive instructing the accounts department to transfer the cash to a Hong Kong bank account.
Police sources told the paper that the unnamed company was the largest victim of email fraud this year.
According to Hong Kong authorities, there were 191 commercial email fraud cases in the first quarter of 2018, involving US$42m, compared with 124 cases involving $16m over the same period last year. About 60% of the victims were based outside Hong Kong.
In most cases, the fraud was committed after criminals gained access to a company’s IT system using an email attachment infected with a "trojan" virus.
The most common method is to embed the virus in a CV sent as part of a fake job application.
Once inside, the fraudsters look for someone with the power to order money transfers by internal email, and then bide their time until a suitable opportunity arises.
A police source told the paper: "If the chief executive officer is taking a flight during a business trip and is unable to contact his staff, the fraudsters will take this opportunity to pretend to be him and send a fictitious email instructing his staff to transfer money."
The source added that gangs in the US, Europe and mainland China were behind the scams.