To: Managers and financial staff of companies doing business in China or with Chinese counterparts
Fraud is not new to China, but over the past year we have been approached by several companies who were each defrauded in a similar way, via seemingly legitimate payment instructions that later proved to have been arranged by email hackers. Hereby an introduction to this fraud, and steps that managers can take to avoid becoming the next victim!
In a typical case, a European company receives an email from the regular contact of its supplier, asking for payment of an invoice to an alternative bank account. The wording gives nothing away, nor does the timing of the request. Quite often, payment is made accordingly. Sooner or later however, the supplier asks for payment again. After further investigation it becomes clear what has happened: someone has hacked into the email of the supplier, has reviewed previous emails for both message and tone, and has then sent the payment instructions. Payment is made to a Chinese bank account under a false name and the money is transferred out immediately, usually to a bank account outside China (the Philippines being a popular choice): out of the reach of China's police.
We propose some simple steps to avoid becoming a victim of this kind of fraud:
- Include the supplier's bank account numbers in the contract or commercia invoice;
- Establish strict internal procedures for making all payments (incl. the four-eye principle);
- Be extra careful when asked to remit funds to a bank account that is not pre-approved (e.g. in a contract);
- If there is any doubt, reconfirm with the supplier by telephone;
- Establish internal liabilities for staff that do not follow the rules (e.g. persons that make payments beyond their authorization level should be penalized).
Companies that are defrauded have two options: go to the police, or pursue the supplier. The Chinese police can be a powerful ally, but fraudsters often know how to cover their tracks. In other cases the supplier can be pressured to take some of the blame, but it will help if good contracts and clear internal procedures are in place to establish the supplier's fault.
A final word of caution: we have described what presently seems like the most popular way to defraud international companies that are doing business in China; however it is not the only situation to be cautious about. Other typical circumstances to avoid include:
- A foreign company unexpectedly receives a big order from a Chinese customer, but is asked to travel to China to clinch the deal. Once in China, the foreign manager is tricked or blackmailed into paying various expenses or even huge sums of money, followed by the deal falling through in the end.
- A foreign company is approached by a Chinese domain name registration agent, with the warning that another party is trying to register the foreign company's domain names. The foreign company gets frightened and agrees to register all these domain names first, even if it doesn't really need them.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.