Recovery from Cyber Fraud Loss in the Covid-19 Era
Kennedys Hong Kong
With work from home (WFH), the way people at work interact changes fundamentally. There is no more water cooler talk which happens when colleagues take a break and discuss their interests or other work-related gossips. We have less informal ways of collaboration. Furthermore, we have less and less ‘meet and greet’ opportunities with clients. We rely heavily on email communication. This work style creates an opportunity for bad actors (aka hackers) to trap us with phishing emails, which might cause substantial loss to business.
The case of phishing email fraud is on the rise this year. Take Hong Kong as an example, phishing is the top one external attack (see table below).
TOP 5 EXTERNAL ATTACKS IN HK 2019-2020
Table Source: SSH Hong Kong Enterprise Cyber Security Readiness Index Survey, conducted independently by HKPC, supported by HKCERT and sponsored by SSH
Step 1 : Report to the police and get a ‘No Consent’ letter
After formally report to the police, Joint Financial Intelligence of Hong Kong https://www.jfiu.gov.hk/en/ may issue a letter of no consent to banks to temporarily freezing the bank account in question.
Step 2 : Obtain injunction and banker’s disclosure orders
This step will seek the help from a lawyer to proceed. If the amount of the cyber fraud is large, it is critical to take legal action immediately to perform the followings:
- Proprietary injunction
- Mareva injunction
- Banker’s disclosure order
Beside Kennedys’ advise, we, as cybersecurity expert, would like to add another organization that you might consider contacting in case of cyber fraud.
Step 3 : Report to the CERT in your region. In case of Hong Kong, you can report to Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) https://www.hkcert.org/incident-reporting. HKCERT provides free 24-hour hotline services for incident reporting and giving advice on incident response and recovery. They might also seek assistance from overseas CERT teams.
Like any investigation, we advise victims of any cyber fraud to keep any evidence of the fraud for further cyber forensic investigation.
Stay Cyber Safe!