Factory email hacked. 29K USD stolen from buyer. How to avoid it happening to you.

I just received an email from an overseas buyer of Chinese products who is the victim of a common China sourcing scam.  They even did a formal factory audit and confirmed the supplier was legitimate. But it wasn’t enough to prevent a growing scam.

Here are the details:

  1. Buyer and legitimate supplier have an established relationship
  2. Supplier email is hacked
  3. Hacker pretends to be supplier representative and directs payment on next order to a new bank account which is the hacker’s personal account
  4. Funds are received, account closed, hacker disappears
  5. Buyer senses something is wrong, contacts supplier via phone or other email and learns supplier was not aware of any order or recent communications with buyer.

Unfortunately this is a common scam happening in China.  Here are the red flags to look out for.

We always stress to our readers at CSIC to

a)      Make sure the name on the contract is the same as bank account.

b)      Don’t send large payments to private accounts.

c)       Visit the supplier for audits and inspections during your order.  If the buyer schedules an onsite visit to check an order, it will become clear pretty quick if the supplier is not aware an order has been placed!

If you happen to be the victim of this scam, the outlook for recovering funds is bleak, but here are some outcomes from past cases:

1.       In one case the factory felt bad because it was their email that was hacked and they offered a bit of compensation to retain the client and get the next order. But legally they are not responsible as the factory didn’t scam the buyer.

2.       The person who hacked the email and set up the new bank account is probably long gone. But if that account is still active, that would be the logical place to grab the scam artist.

3.       Even if the hacker has closed the accounts, he needed to show some paperwork to open the account in the first place. This may be the trail for the police or a private investigator to start tracking him down.

4. In many cases, the hacker is in a 3rd country and not Chinese. For example, we learned that a Brazilian hacker set up a bank account in HK and succeeded in hacking multiple PRC supplier emails and stealing payments from multiple buyers across Europe.  In this situation, it is next to impossible for the victims to coordinate police forces in China, HK, EU and Brazil to capture the criminal.

Here are some related resources:

Red flags to suspect the supplier is not legit


About the blogger

Written by Mike Bellamy – author of, “The Essential Reference Guide to China Sourcing” (chinasourcinginfo.org/book) and founder of PassageMaker Sourcing Solutions (www.PSSchina.com). Read about him in the Financial Times: “A Foot in Both Cultures”

1 Comment

  1. Vivian Becnel on January 14, 2013 at 10:01 am

    Excellent information. Thanks for sharing this. It is really hard to be a victim of scammers most specially if you are dealing with big amount of money. That is why it is very important that before you close on deals, you should really visit on your supplier. Much better to pay them personnally to avoid this kind of problem.

Leave a Comment