Cyber fraud: Assessing options for asset recovery

• Published date: 03 June 2021
• Subject Matter: Criminal Law, Technology, White Collar Crime, Anti-Corruption & Fraud, Security
• Law Firm: Timothy Loh
• Author: Mr Timothy Loh and Gavin Cumming

Cyber fraud causes billions of dollars of losses each year. Fraudsters often use Hong Kong as a destination for funds fraudulently obtained from victims because Hong Kong is an international business and financial centre. Though the path to recovering such funds is typically complicated by the fact that fraudsters take active steps to limit recovery, Hong Kong offers a robust legal system that offers the means for asset recovery. In this article, we describe common asset recovery options for victims of cyber fraud where the funds have been sent to Hong Kong. In an earlier article, we provided a checklist of immediate action items for victims of cyber fraud where funds are transferred to Hong Kong. Readers with specific queries as to asset recovery options as a result of cyber fraud should contact one of our dispute resolution lawyers.

Cyber fraud takes many forms. According to the Anti-Deception Coordination Centre of the Hong Kong police, the most common forms of cyber fraud are business email compromise, confidence fraud and investment fraud.

Business Email Compromise (BEC) Fraud

Business email compromise is a type of cyber fraud where fraudsters compromise email systems, enabling them to impersonate individuals for the purpose of giving instructions for the movement of funds or otherwise disclosing valuable commercial data to the fraudsters. Business email compromise is sometimes known as email account compromise (EAC).

Confidence Fraud

Confidence fraud is a type of fraud where fraudsters gain a victim's confidence under false pretences to persuade the victim to give them money. A common type of confidence fraud is romance fraud, where a fraudster meets a victim online and develops a romantic relationship with the victim. Once the fraudster earns the victim's trust, the fraudster indicates a need for funds.

Investment Fraud

Investment fraud is a type of fraud where fraudsters use false pretences to persuade a victim to make an investment in a business or financial product that does not exist or that is different from what the victim has been led to believe. In a common type of online investment fraud, the fraudster preys on a victim looking to raise capital for a business. The fraudster assures the victim that he will be able to provide the needed capital but the victim must pay various fees to access the capital. Needless to say, once the fees are paid, no capital is provided.

The Role of Hong Kong in Cyber Fraud

Hong Kong is an international business and financial center. It is common for companies around the world to deal with businesses and financial institutions in Hong Kong. As a result, the use by fraudsters of bank accounts and companies located in Hong Kong often raises no alarms.

At the same time, incorporating a company in Hong Kong is a fast and easy process.

Given the foregoing, it is not surprising how frequently cyber fraud involves Hong Kong banks and companies. Indeed, according to the U.S. Federal Bureau of Investigation (FBI), the majority of business email compromise and email account compromise frauds feature Hong Kong bank accounts.

The Role of The Hong Kong Police

Though it is possible to recall funds which have been transferred as a result of cyber fraud where the funds have yet to be deposited into the bank account in Hong Kong designated by the fraudster, once the transfer is complete, it is highly unlikely that the funds can be recalled. This is not, however, to say that the victim has no remedies available.

Making a Report to the Police

A first step is for the victim to report the fraud to its local police as well as the Hong Kong police. As a practical matter, the Hong Kong police will not assist the victim to recover the funds. While they will investigate, they will not adjudicate the rightful ownership of funds in a bank account. It is for the Hong Kong courts to conduct that adjudication.

The Hong Kong police report, however, provides evidence of the cyber fraud and will be helpful in establishing the bona fides of the fraud should the victim advance a claim in court to recover the proceeds of the fraud (i.e. the monies transferred by the victim to the fraudster and what becomes of it).

Action by the Police

In the normal course, once the victim reports the cyber fraud to the Hong Kong police, the police will open an investigation. There are a number of possible criminal offences including fraud and obtaining property or pecuniary advantage by deception.

At times, the Hong Kong police may disclose information discovered by them in the course of their investigation such as the bank balance of the account to which the proceeds of the fraud have been transferred. However, they have no obligation to do so and often will refuse to do so, sometimes on the basis of personal data privacy legislation.

Equally, the Hong Kong police may issue a "no-consent" letter, or a Letter of No Consent ("LNC"), to a holder of the proceeds of the fraud, typically the bank in which the proceeds of the fraud have been deposited. The effect of such a letter is to put the recipient on notice that dealings in those proceeds may constitute a criminal offence. In this way, it generally results in the banks freezing the account in which the proceeds are held. However, as with the disclosure of information, the Hong Kong police have no...