Stay Alert: Guide to Preventing New Types of Fraud for Financial Staff

Posted by Written by Qian Zhou Reading Time: 5 minutes

New types of fraud targeting corporate finance personnel are diverse and continuously evolving with technological advancements. Companies must stay alert, understand common fraud methods, and establish comprehensive mechanisms to prevent unnecessary losses.


UPDATE (September 23, 2024): On September 19, the Beijing Daxing Tax Bureau issued a reminder that many companies have recently received fake “tax audit notices”. The Beijing Daxing District Tax Department kindly reminds all taxpayers and fee payers that emails prompting taxpayers to click links to download materials are fraudulent. The tax department will not notify taxpayers of tax-related matters via email, QQ, or similar methods. Financial staff should remain vigilant, be cautious, and not easily open unfamiliar web links that are not officially certified, nor click on unknown URLs. Suppose financial staff receive similar emails or text messages and cannot determine their authenticity. In that case, they are encouraged to verify through official channels (such as calling the 12366 tax payment service hotline). In any case, financial staff are discouraged from disclosing personal information to avoid being scammed.


With the continuous development of internet technology, new types of fraud are emerging, posing increasing risks to financial staff. It’s not rare to hear cases where financial personnel were deceived, resulting in significant financial losses for their companies. In this article, we put together a quick guide for companies to strengthen fraud prevention.

Explore vital economic, geographic, and regulatory insights for business investors, managers, or expats to navigate China’s business landscape. Our Online Business Guides offer explainer articles, news, useful tools, and videos from on-the-ground advisors who contribute to the Doing Business in China knowledge. Start exploring

Common fraud methods targeted financial staff

Fraud tactics targeting corporate finance personnel are diverse and continuously evolve with technological advancements. In practice, the following methods have been commonly reported:

Impersonation fraud

Fraudsters may impersonate company leaders or executives, or even bank staff or tax authority personnel. They usually search for publicly available company emails or infiltrate various company work groups (WeChat, DingTalk, QQ, etc.) to find out the targeted identification.

Impersonating company leaders or executives:

Fraudsters forge the identities of company leaders, using similar avatars, nicknames, etc., to add finance personnel as friends or include them in group chats. In group or private chats, they request transfers, remittances, or sensitive financial information in the name of the company. For example, fraudsters impersonated the boss of Company A via WeChat, asking finance personnel to transfer funds to a so-called client account, resulting in significant financial losses.

Impersonating tax authorities, banks, etc.:

Fraudsters pose as staff from tax authorities, banks, etc., claiming annual account inspections, tax audits, online banking upgrades, or other excuses, to request account information or transfer operations. For instance, fraudsters impersonated tax authority staff who was in charge of tax administration of Company B, asking finance personnel to add them as friends and transfer funds to complete a so-called “account inspection.”

Fraud through phishing websites and link

Fraudsters may send messages containing phishing links via email, SMS, or social platforms, luring finance personnel to click and enter account passwords, verification codes, and other sensitive information. For example, finance personnel of Company C received an SMS about “online banking upgrades”. He clicked the link, and entered account information, leading to funds being stolen.

Fraudsters may even create fake websites resembling legitimate ones, such as discount airline ticket booking sites, electronic invoice collection sites, etc., luring finance personnel to enter online banking account information during online payments.  For example, finance personnel of Company D were guided to a fake website while purchasing tickets online and entering verification codes, resulting in funds being transferred.

Trojan virus fraud

Fraudsters may send emails, files, or links containing Trojan viruses, tricking finance personnel into downloading and running them. Once the computer is infected, fraudsters can remotely monitor it, steal financial information, and control social software accounts. For example, finance personnel of Company D downloaded and ran an unknown file in a work WeChat group, leading to a Trojan virus infection and financial loss.

Fraudsters may also use Trojan viruses to delete real leader accounts from finance personnel’s social software and add scam accounts disguised as leaders. The disguised scam accounts then request transfers or sensitive information in the name of the leader.

Other fraud tactics

Fraudsters may exploit certain vulnerabilities or features of social software (e.g., allowing strangers to be invited to group chats) to directly add finance personnel to groups and carry out fraud.

Fraudsters may also send mass SMS messages to finance personnel, asking them to “transfer funds to a designated account,” exploiting potential negligence or misoperation.

Establishing effective emergency mechanisms

Facing fraud targeting financial personnel, it is crucial to establish effective emergency mechanisms. Below, we introduce some practical and key emergency mechanisms aimed at helping businesses and individuals respond quickly, reduce losses, and prevent further deterioration of fraud incidents:

  • Emergency reporting and communication mechanism: Once potential fraud is detected, financial personnel should immediately stop all related operations and report to the company leadership or designated responsible person as soon as possible. The company should quickly initiate an internal communication mechanism to ensure that relevant departments and personnel are aware of the fraud situation and can respond collaboratively. Additionally, companies should contact public security authorities, and other relevant institutions as needed to report the fraud and seek assistance.
  • Emergency payment suspension and fund preservation mechanism: Upon discovering fraud, companies should immediately contact the bank where the account is held and request an emergency suspension of payments to prevent further loss of funds. It’s advisable to cooperate with the bank to trace the flow of funds and recover as much of the lost funds as possible. Additionally, the company should properly preserve all evidence related to the fraud, including chat records, transfer records, emails, etc., for subsequent investigation and rights protection.
  • Risk assessment and response mechanism: The company should conduct a comprehensive risk assessment of the fraud incident, including the amount of loss, scope of impact, potential risks, etc. Based on the risk assessment results, formulate a detailed response plan, including internal rectification, strengthening prevention, legal prosecution, etc. If a response plan already exists, it should be executed promptly to ensure that all measures are effectively implemented.
  • Internal investigation and rectification mechanism: The company should conduct an in-depth internal investigation of the fraud incident to identify the causes, responsible persons, and loopholes. Based on the investigation results, the company should formulate targeted rectification measures, including improving financial management systems, strengthening internal controls, and enhancing employee quality. The implementation of rectification measures should also be supervised to ensure that the issues are effectively resolved.

To combat fraud targeting financial personnel, establishing effective emergency mechanisms requires a multi-faceted approach, including emergency reporting and communication, emergency payment suspension and fund preservation, risk assessment and response, internal investigation, and rectification, training and publicity, as well as external cooperation and coordination. These mechanisms must work together to effectively prevent and respond to fraud risks.

How do we prevent fraud targeting financial staff?

In today’s digital age, financial security is more crucial than ever. Implementing robust preventive measures can safeguard your organization against potential threats and fraud. Below are some essential strategies to enhance your financial security:

Training and learning

Companies should arrange for their financial staff to actively participate in anti-fraud training organized by local public security agencies or tax authorities, learn about new fraud methods and prevention techniques, and continuously improve their awareness and capabilities.

By maintaining a high level of vigilance for all financial-related emails, messages, and calls, they shall not easily trust strangers or unverified information. Rather, they shall handle links, attachments, or download requests from unknown sources cautiously to avoid clicking on malicious links or downloading virus software, etc.

Financial personnel should also maintain good communication with other departments, leaders, and external partners, so as to verify suspicious situations promptly.

Strengthen internal controls

To prevent fraud and unnecessary losses, companies are suggested to establish strict financial approval processes and systems to ensure that every financial expenditure undergoes multi-layers of approval and verification. Also, it should be prevented that a single person having full financial authority. Rather, the financial roles should be reasonably divided, to avoid the risk of internal fraud.

Enhance cybersecurity

Companies should regularly update and maintain their financial systems to ensure their security performance meets the latest standards. They are advised to install reliable antivirus software and firewalls to prevent viruses and hacker intrusions. Also, it’s crucial to strengthen password protection for critical systems such as corporate emails and websites and conduct regular security checks.

Establish emergency mechanisms

Companies are suggested to develop a financial fraud emergency plan that clearly defines the responsibilities and response measures of relevant departments. If possible, they are encouraged to organize regular emergency drills to improve their ability and efficiency in handling unexpected incidents.

About Us

China Briefing is one of five regional Asia Briefing publications, supported by Dezan Shira & Associates. For a complimentary subscription to China Briefing’s content products, please click here.

Dezan Shira & Associates assists foreign investors into China and has done so since 1992 through offices in Beijing, Tianjin, Dalian, Qingdao, Shanghai, Hangzhou, Ningbo, Suzhou, Guangzhou, Dongguan, Haikou, Zhongshan, Shenzhen, and Hong Kong. We also have offices in Vietnam, Indonesia, Singapore, United States, Germany, Italy, India, and Dubai (UAE) and partner firms assisting foreign investors in The Philippines, Malaysia, Thailand, Bangladesh, and Australia. For assistance in China, please contact the firm at china@dezshira.com or visit our website at www.dezshira.com.