Publication | Cyber Fraud and Recovery in Hong Kong – Part 2: Recommended Follow-up Actions and the Latest Relevant Developments in Hong Kong Law

What Action Should a Victim Take After Cyber Fraud Occurs?

  1. As mentioned in our previous article, cyber fraud in the form of, for instance, phishing attack or pig-butchering scams, is increasingly prevalent in Hong Kong, giving rise to sizable losses suffered by the victims. Based on the experience of the cases recently handled by our firm, a victim should take the following actions promptly after the occurrence of cyber fraud in order to maximize the chances of recovering the defrauded proceeds:
    1. Notify the bank immediately and request the bank to notify the recipient bank to cancel the remittance as soon as possible.
    2. Report to the police (including Hong Kong and overseas police): If the victim is situated overseas and has transferred money through an overseas bank account, the victim should first report the crime to its local police. After receiving the case report, the local police can contact the Interpol branch in that country/region for the Interpol branch to request the police in other countries/regions to assist in the investigation.

Cyber Fraud and Recovery in Hong Kong

  1. In Hong Kong, a victim can report the case in person/through the Hong Kong e-Report Center, or alternatively engage a Hong Kong law firm to assist them in reporting the case to the Hong Kong Police. Based on our experience, during case reporting, the victim should make sure its case fits with the relevant elements of the crime so as to persuade the police to start their investigation.For pig-butchering scam cases, a significant number of victims choose not to report the case to the police out of shame. This concern is however not necessary – once the victims initiate civil proceedings against the fraudsters in Hong Kong, the names of the victims and even the specific facts of the cases can be searched through public channels anyway. It is therefore not advisable for the victim to risk delaying the progress of the investigation for the sake of its case being kept confidential for a mere brief period. According to the introduction by Cyber Security and Technology Crime Bureau of the Hong Kong Police, after occurrence of cyber fraud cases, the fraudsters could transfer the defrauded proceeds through underground banks in as fast as 1-2 days. The timing for the police to initiate investigation and take necessary measures is therefore of utmost importance.

    In addition to the above, reporting cyber crimes to the police can also reap tangible benefits. For example, in Hong Kong:

    1. The police can contact Interpol to activate the International Stop-Payment Mechanism (“ISPM”) to intercept fraudulent remittances sent overseas. The ISPM was jointly established by the Commercial Crime Bureau, Liaison Bureau and the Financial Crimes Unit of the Interpol in October 2019. During that year, a total of HKD 645 million defrauded proceeds were stopped, of which HKD 611 million came into Hong Kong accounts and HKD 34 million went out to overseas accounts.
    2. The police will issue a Letter of No Consent (“LNC”) to local banks, essentially freezing the operation of the bank account in question. Until December 2021, the LNC was of great assistance to victims of small claims fraud cases who did not have sufficient resources to afford injunction applications. Since December 2021, however, the Hong Kong Courts have ruled that LNCs are unconstitutional (latest developments of which we will discuss below).
    3. Obtaining useful information from the police (such as the whereabouts of the defrauded proceeds) could also facilitate the victim’s recovery in civil proceedings.
  2. In the case of a phishing attack, the victim may hire an IT company to investigate and obtain further evidence. For instance, the IT company may be able to detect traces of fraud (e.g. when the victim’s email system was hacked) that can be relied on as evidence/to facilitate further gathering of evidence for the victim’s subsequent recovery proceedings.
  3. If the money has been transferred to a Hong Kong bank account, the victim may engage a Hong Kong law firm to pursue legal recovery actions.

Procedural Design of Recovery Actions in Hong Kong

Basic procedures

  1. According to our past experience, if a victim elects to go for a simple civil recovery action, its steps can be broadly summarized as follows:
  1. A Generally Indorsed Writ of Summons (without a Statement of Claim particularizing the victim’s case) is served on the defendant (fraudster or other payee(s)).
  2. The defendant fails to acknowledge service of the Writ of Summons within the statutory time limit, and the plaintiff applies directly for a default judgment.
  3. After obtaining a default judgment, the plaintiff applies to the Court for a Garnishee Order (a third party debtor’s order) requiring the bank to return the defrauded proceeds in the fraudster’s account to the victim.
  1. While the above-mentioned simple procedure is the most cost-effective and suitable for victims with smaller fraud claims, this operation involves certain risks. As mentioned above, in cyber fraud cases, the defrauded proceeds can be transferred away within a short period of time. In other words, if no other measures are taken to protect the victim’s position (e.g. a failure to report the case to the police, resulting in the police failing to issue an LNC in time), the victim is likely to find out that the defrauded proceeds have already been dissipated and nothing can be recovered after going through the entire civil recovery process.

Additional Measures

  1. In light of the above, if the victim is in a position and is able and willing to devote additional resources to recovery efforts, the victim may consider the following additional measures (and combinations thereof) with a view to preserving the defrauded assets to a maximum extent:
  1. Norwich Pharmacal Order and Gagging Order: The Norwich Pharmacal Order targets innocent third parties not involved in the fraud (i.e. companies or natural persons who are unknowingly, through no fault of their own, to some extent involved in some tortious or improper activities; in cyber fraud cases these are usually banks), and orders them to disclose documents and information related to the cyber fraud so that the victim can ascertain the whereabouts of the defrauded assets and consider further legal action.In cyber fraud cases, such a third party is usually the bank in which the fraudster and its associates maintained account(s). Due to the special relationship of trust and confidence between the bank and its client, if the bank learns of the victim’s impending legal action against the account in question (e.g. the victim’s intention to apply for a third-party disclosure order), the bank is obligated to notify its client, namely the fraudster and its associates, thereby alerting the fraudster and possibly prompting it to dissipate the assets in advance.

    To avoid these risks and to prevent creating any obstacles to the victim’s legal or investigative action, it is necessary for the victim to apply for a Gagging Order before applying for a Norwich Pharmacal Order to prevent the bank from disclosing any information about the recovery action and disclosure application to the fraudster.

  2. Injunction: This is to prevent the fraudster and its associates from disposing of or dissipating the defrauded assets in Hong Kong prior to a Court judgment to ensure enforcement thereof. Injunction can, together with an LNC issued by the Hong Kong Police or ISPM, protect the victim’s position in more ways than one.Typically, injunction applications are made on a more urgent, ex parte basis to prevent the fraudster from transferring or concealing the defrauded assets if it has been notified of the application. If an injunction is possible, the victim may seek a longer effective period from the Court, for example, until the conclusion of the enforcement of the eventual judgment.

    In the case of a Mareva injunction, which is often utilized in cyber fraud cases, the Hong Kong Court will consider the following factors when deciding whether to grant the order:

    1. whether the victim has a good arguable case;
    2. whether the fraudster has assets in Hong Kong;
    3. whether the Court agrees that an injunction is appropriate after weighing all the relevant circumstances involved in the proceedings (e.g. the importance of granting an injunction, the strength of the parties’ cases, etc.); and
    4. whether there is a real risk of dissipation of assets by the fraudster before the Court hears the parties’ cases.

    As mentioned in Part 1 of our article, in the process of assisting Mr M in his online romance scam, our firm has successfully helped him recover most of the defrauded proceeds by applying for an injunction as well as other additional measures. Pausing here, it seems rather common for numerous victims of cyber fraud to seek recovery at the same time, a lot of times in which there would not be sufficient assets for full recovery for all of the victims. Another reason for obtaining a satisfactory result in Mr M’s case was that our firm had diligently kept tabs of the procedural timetable and swiftly obtained a Garnishee Order ahead of other possible victims-competitors.

    Cyber Fraud and Recovery in Hong Kong

Recent Developments in Hong Kong Law

  1. Victims of cyber fraud should be mindful of recent developments in Hong Kong law that may have a material impact on victims’ future recovery actions.

Fraud exception rule repealed

  1. First, the most recent amendments to the procedural rules, effective on 1 December 2021, lowered the threshold for summary judgment applications and eliminated the “fraud exception to summary judgment application”.
  1. Before the above amendments came into effect, as the application for summary judgment did not apply to claims based on an allegation of fraud, even if the fraudster raised very flimsy defense, the victim could only elect to:
  1. Either complete the entire civil litigation process in the conventional way (i.e. going through the four major stages of civil litigation in Hong Kong: pleadings, discovery, witness statements and trial), which will be time-consuming and costly; or
  2. To drop the allegation of fraud in order to circumvent the fraud exception and obtain a summary judgment.
  1. Now, a victim of cyber fraud who has a straightforward case (i.e. where the defenses raised by the fraudster are simply untenable) can make use of the summary judgment application mechanism to seek compensation from the defendant without the need to endure lengthy legal proceedings and incur expensive legal fees, allowing the victim to obtain a Court judgment in a quicker and more cost-effective manner.

Tam Sze Leung Case

  1. In the past, victims of cyber fraud cases could rely on LNCs issued by the Hong Kong Police for essentially a freeze on the suspected fraudsters’ bank accounts. Over the years, the LNC system has gradually become a powerful tool employed by the Hong Kong Police to combat fraud. However, on 31 December 2021, the Hong Kong Court of First Instance held that the LNC mechanism is unconstitutional in Tam Sze Leung & Ors v Commissioner of Police [2021] HKCFI 3118.
  1. Because of LNC’s vital role in preventing the transfer or concealment of defrauded assets or proceeds by suspected fraudsters in the early stages of a criminal investigation, the decision in this case may have a significant impact on victims of cyber fraud with smaller claims who have relatively limited resources: given the comparatively high cost of applying for an injunction and the limited resources available, such victims may be forced to make the difficult decision of abandoning their recovery actions.
  1. Nevertheless, for the time being, the public need not be overly worried or even question the need to report fraud to the police, reasons of which are as follows:
  1. Tam Sze Leung is for now a judgment handed down at first instance and the government may appeal to the Court of Appeal. Therefore, the Court of First Instance’s decision that the LNC mechanism is unconstitutional is not final and conclusive and has not yet become binding case law in Hong Kong. The ultimate fate of the LNC mechanism, including whether the government has filed an appeal and (if so) its status, warrants close and continuous observation.
  2. As mentioned above, in addition to the LNC mechanism, the Hong Kong Police also has the ISPM in its arsenal. Statistics show that the ISPM has effectively intercepted the dissipation of defrauded proceeds.
  3. Upon receiving notification from the police, banks in Hong Kong will often activate their internal risk control system and temporarily freeze the accounts involved. For example, in a phishing attack case handled by our firm, upon being notified by the police, the bank took the initiative to temporarily freeze the accounts involved for the purpose of facilitating further police investigation.


The above contents by no means constitute any legal advice or recommendation by LT Lawyers. Please contact KM Liew at LT Lawyers if you have any inquiries about this article. You should seek professional advice before taking any action in relation to the matters dealt with in this article.


If reprint of the above contents or any part thereof is desired, please specify at the forefront of any and all such reprint the source of such contents, namely “LT LAWYERS”.