Cyber Fraud in International Trade – Precautionary Measures and Remedies

  • Market Insight 14 July 2022 14 July 2022
  • Global

  • Energy & Natural Resources

The continuous development of cyber threats has resulted in cybercrime permeating into various industries and markets. Clyde & Co’s Shanghai Office recently received several instructions regarding international trade-related cyber fraud incidents from clients seeking assistance with the recovery of funds diverted and wrongfully paid into third-party bank accounts opened in Mainland China. This article reviews the main methods used by fraudsters to take advantage of such bank accounts and offers guidance on the precautionary measures that can be used to minimise the risks as well as the effective remedies available for recovering such funds once a fraud has been perpetrated.


Cyber Fraud in International Trade

By comparing the various cyber fraud cases we have come across, we were able to compile a summary of the main steps criminals frequently take to defraud their target victim. They are as follows:

STEP 1 – The fraudsters hack into the email systems or other instant messenger services (such as WhatsApp and WeChat) used by the seller and buyer to communicate and steal the relevant trading information.

STEP 2 – They use newly created email addresses or instant messenger accounts that look very similar to the real ones used by the trading parties, and communicate by impersonating the real parties, blocking and procuring trading details and by deceptively becoming the interface between the parties.

STEP 3 – Once the transaction is at the shipment and payment stage, the fraudsters will falsely allege, by impersonating the seller, that they need to change the recipient bank account for some reason (e.g. tax regulation) which may sound quite reasonable, and they, therefore, require the buyer to remit the funds to a third-party bank account designated by them, in this case, one which was opened at a local bank in mainland China. (the “Recipient Bank”).

STEP 4 –The criminal actors vanish after transferring the funds out of the third-party bank account into a different bank account owned by yet different parties. Although the funds are technically traceable, the move is designed as a type of money laundering exercise.



It is usually difficult to investigate cyber fraud cases, which occur in an international trade setting, without cross-border cooperation because the parties involved are often based in different countries, even regions across the world. In this context, it is quite challenging to verify the location of the fraud and the identity of the fraudsters. Moreover, as the fraudsters usually transfer the funds immediately after receiving them, unless the victims freeze the funds or attach the bank account in time, recovery will generally be very challenging.


Precautionary Measures

Given the difficulty and expense of implementing post-fraud remedies following a fraud event, as we discuss below, it is advisable to take precautionary measures beforehand so as to minimise the risk of suffering such losses. For example:

  1. Conducting a detailed check and verification of the email address or instant messenger account used by the seller during communications, particularly when receiving the payment instructions. In practice, it might be difficult to discover, at first sight upon receipt of the emails, the discrepancy with the email address used by the fraudster but it will be easier to spot the difference after clicking the "reply" button. You are advised to pay particular attention to the suffix of the email address (the part that lies to the right of the @ symbol), which would normally be significantly different from the real email address.


  1. Paying attention to the seller’s address and contact details as displayed in the email signature or the instant messenger account. Seeing if they are consistent with the ones previously known to you or provided in the public domain.


  1. Investigating through third-party professionals the authenticity of the reasons provided for changing the bank account details, as well as the relationship between the seller and the holder of the new bank account.


  1. Re-confirming, through video calls, the identity of the seller and the authenticity of the payment instructions and/or the change of bank account.


  1. Setting up a comprehensive internal payment review process.


  1. Establishing a robust security procedure and purchasing insurance for cyber fraud exposure.




In cyber fraud cases, payments are usually requested by way of transfer because this method is fast and leaves little time for victims to respond or take the necessary measures to suspend the transactions. However, if the victims do not take remedial measures as soon as they become aware of the potential fraud, they will most likely miss the best opportunity for holding on to their funds, and may  face a difficult and expensive recovery exercise as well as potential exposure to further losses.

As soon as they suspect foul play, victims of such frauds are advised to take urgent and effective measures to prevent the funds being transferred. The following steps can prove effective:

  1. Send a notice to the Recipient Bank suspending the release of funds

In practice, if the beneficiary uses a bank account opened in mainland China to receive a remittance from overseas, they will need to settle the foreign exchange at the Recipient Bank before they can actually control, dispose of, or transfer the funds out of the account. A victim may, therefore, opt to issue a Notice Suspending the Release of Funds or some similar message to the Recipient Bank, either directly from themselves or via the paying bank, explaining that the payment may involve cyber fraud. They should request that the Recipient Bank prevent the beneficiary from settling the foreign exchange (meaning the monies cannot be released to the recipient) or disposing of the relevant funds, until further investigation and/or a decision from the judicial authorities.

To have the funds released as soon as possible, cyber fraudsters would normally forge the relevant trading documents, including sales contracts, invoices, bills of lading and customs declarations, etc. and provide the same to the Recipient Bank for settlement of the foreign exchange. If the said Notice is sent to the Recipient Bank in a timely manner, it can be an effective warning, reminding the bank to be extremely cautious in reviewing the documents tendered for the release of funds. Any delay in sending the Notice may put the victim at a disadvantage in recovering the funds.

  1. Report to the police for criminal investigation

During a criminal investigation, the local police may decide to freeze any funds and payments, assuming the funds are still in the account, to prevent the fraudster from transferring these out. Whether the funds are still in the account may be difficult to ascertain until the police take on the case, as a bank may be unwilling to disclose information about one of their clients’ account and suspend the release of funds on simple receipt of a Notice. The bank is more likely to act on the basis of a police report or judicial order, obtention of which will most likely delay the process and reduce the chances of retaining the monies.

In accordance with the relevant provisions of the Criminal Procedure Law of PRC, the police may, for the purpose of the criminal investigation, inquire about, or freeze the deposits, remittances, and other property of the criminal suspects. However, the precondition for the police taking these measures is that they accept the case and establish jurisdiction over it, which may not be straightforward in practice as it usually involves cross-border transactions.

  1. Apply for an Asset Preservation Order and file a civil action

In the event that the police in mainland China refuse to accept or register the case, the victims are advised to apply for an Asset Preservation Order before the court where the receiving bank is located so as to freeze the beneficiary’s bank account, thereby preventing the fraudsters from transferring the funds.

PLEASE NOTE, as required under the Civil Procedure Law of PRC, the applicant for a pre-litigation Asset Preservation Order will need to provide counter security. Moreover, substantive proceedings will have to be commenced within 30 days from the date when the court issues the Order. If substantive proceedings are not commenced within the prescribed time limit, the Order shall be lifted by the court.



The methods used to carry out cyber fraud in international trade are changing constantly and are becoming increasingly sophisticated every time. It can be challenging to assess whether the relevant information received from third parties is authentic or false. While it is always important to stay vigilant during the course of business, it is also good practice to seek assistance from third-party professionals (such as investigation companies, lawyers, or insurance companies) to lower the risk of being defrauded, to mitigate losses and, more importantly, to maximise the chances of recovery in the event of fraud.


Stay up to date with Clyde & Co

Sign up to receive email updates straight to your inbox!