The case began with an ordinary social media purchase: a woman in Hong Kong saw a Facebook post selling collagen drinks and paid HK$530 using the Faster Payment System. What looked like a routine online transaction quickly became a costly mistake when the alleged seller messaged her saying the item was out of stock and promised a refund. In the follow-up communication she was directed to what appeared to be an official page to process the return, but that page was a carefully crafted impostor.
Believing the refund portal was genuine, the victim entered her online banking details. Over the next few days multiple withdrawals were made: four separate transfers emptied her accounts and left losses approaching HK$2.5 million. Police shared the incident on their CyberDefender Facebook page and cautioned the public about this common pattern. The episode underscores how scammers exploit trust built around small purchases to obtain sensitive financial information.
How the fraud operated
The scheme relied on a familiar sequence. First, a low-cost item such as collagen drinks is advertised on a social media platform to attract attention. When the buyer pays a modest amount via a convenient channel like the Faster Payment System — described here as an instant bank transfer service — scammers use that initial payment to build credibility. When the seller supposedly cannot fulfil the order, they offer a refund and send a link to a lookalike page which asks for bank credentials. That link is a form of phishing, a deceptive page designed to harvest login information.
Why small payments are an effective lure
Scammers deliberately choose low-priced products to lower a buyer’s guard. A charge of HK$530 feels trivial, making victims less suspicious and more willing to engage with follow-up messages. Once the target clicks a fake refund link and provides details such as username, password, or one-time codes, attackers can move quickly. In this case the fraudsters executed four transfers that siphoned the victim’s savings. Police emphasise that a minor purchase can be the first step in a much larger theft when criminals gain access to sensitive banking data.
Phishing pages: signs and mechanics
A convincing counterfeit page can replicate logos, layout and wording of an authentic service. Red flags include unexpected requests for full login credentials, prompts to re-enter passwords, or pages hosted on unfamiliar URLs. The criminal process often involves automated scripts that capture the entered information in real time and then use it to authenticate transfers. Awareness of these tactics — recognising that a refund request should never require full bank logins — is a key preventative measure.
Police advice and practical precautions
Authorities warn the public to treat refund links with suspicion, especially if they arrive via direct messages on social platforms. The recommended steps include verifying sellers through official storefronts, contacting the platform’s verified support channels, and refusing to submit banking credentials on third-party pages. Where possible, consumers should use in-app payment systems or contact their bank directly. If there is any doubt, customers should report the interaction to law enforcement and their bank immediately to help freeze accounts and limit losses.
Protecting yourself from similar scams
Practical protection combines skepticism and swift action. Always verify seller identity and transaction receipts, keep software and authentication apps updated, enable two-factor authentication where available, and use bank-provided apps to check transfers rather than following external links. If you receive a refund link, type the official website or open the authenticated app yourself instead of clicking the provided link. Reporting suspicious activity early increases the chances of recovery and helps authorities track evolving scam patterns.
