AI Scams in Hong Kong: How to Stay Protected

Hong Kong has seen a sustained rise in AI scams — cybercriminals using artificial intelligence to run more sophisticated and convincing frauds. Generative AI has shifted the economics of scamming: each attack costs less to produce, lands more convincingly, and can be personalised at a scale that simply wasn’t possible before. Traditional “spot the bad grammar” detection advice is increasingly useless against it. (First published February 2025; updated June 2026 — the tools change fast, the defences below don’t.)

AI’s role in online scams

AI technologies, particularly generative AI, have changed the way scams are carried out. These tools let cybercriminals automate and sharpen a range of fraudulent activities, including phishing, pig butchering, and other forms of AI-enabled fraud.

• Phishing and spear phishing: AI-driven phishing campaigns can generate emails that are nearly indistinguishable from legitimate communications. By analysing data about the target, AI can tailor these emails to the recipient, making them more convincing and harder to detect. This personalisation increases the likelihood of individuals falling victim. Our guide to protecting your business against phishing sets out practical defences.

• Pig butchering scams: This type of scam involves cybercriminals building trust over time with their victims, often through social media platforms. AI tools, such as conversational agents, help scammers maintain these relationships, overcoming language barriers and creating more authentic interactions. Over time, victims are manipulated into investing in fraudulent schemes, leading to significant financial losses.

• Deepfakes and voice cloning: AI-powered deepfake technology gives scammers the ability to create hyper-realistic audio and video content. These tools can clone voices or create videos that mimic trusted individuals — a colleague, a CFO, a family member — making scams like voice phishing (vishing) far more convincing. Victims may be tricked into believing they are interacting with a legitimate person, leading to unauthorised transfers of funds or the disclosure of sensitive information.

The impact on Hong Kong

The scale was already serious before generative AI matured. Police figures for the first quarter of 2024 put losses from traditional phone scams alone at HK$789 million — a period in which reported case numbers actually fell while losses soared, an early sign that scams were getting better, not just more numerous. AI accelerates exactly that trend: fewer, sharper, more damaging attacks that traditional detection struggles to keep pace with.

The same technology wave is also reshaping legitimate business — Hong Kong has among the highest workplace AI adoption in the region, much of it ungoverned. For the sourced numbers on both sides of that coin, see the state of AI in Hong Kong business in 2026; the ungoverned “shadow AI” it describes is part of the same risk picture, because staff pasting company data into unmanaged tools widen the attack surface scammers exploit.

How can you tell if a call or video is a deepfake?

Increasingly, you can’t — by looking. The reliable defence is verification through a separate channel, not visual inspection. Older deepfakes gave themselves away with glitchy lip-sync, odd lighting or robotic cadence; current tools have largely closed those gaps, and a busy person on a compressed video call won’t spot the subtle artefacts that remain. So change the test:

• Verify out-of-band. If a call, voice note or video asks you to move money or share credentials, hang up and call the person back on a number you already hold — not one supplied in the message.
• Pre-agree verification for payments. A standing rule that no payment instruction is acted on from a call or message alone — however senior the apparent requester — defeats the entire attack class.
• Be suspicious of urgency and secrecy. “Do this now, tell no one” is the constant across every variant of this scam, because verification is what kills it.

What should you do if your business is targeted?

Act on the assumption that speed matters most: stop engaging, verify, and escalate immediately. If money has been transferred, contact your bank straight away — rapid reporting is the best chance of freezing or recalling funds — and report the incident to the Hong Kong Police. Internally: preserve the messages, emails or recordings rather than deleting them, alert your finance team so related requests are caught, and notify your IT provider or security team so compromised accounts can be locked down and the rest of the organisation warned. Afterwards, treat it as a rehearsal finding — most attacks that nearly succeed expose a missing control (an unverified payment process, a gap in staff training) that you can fix before the next attempt.

Protection strategies

To combat the threat of AI scams, individuals and organisations need proactive security measures. These aren’t necessarily complex — even simple steps meaningfully raise your level of preparation:

• Education and awareness: Ongoing training and awareness programmes are essential to help people recognise the signs of potential scams. Understanding how AI might be used to deceive them empowers staff to stay vigilant and avoid falling victim.

• Advanced security measures: Businesses should implement robust security systems, such as multi-factor authentication (MFA) and AI-powered threat detection tools. These technologies can help detect and block phishing attempts and other AI-driven scams before they reach their targets. Backing them with clear cybersecurity policies ensures staff know how to use them.

• Verification and vigilance: Always verify the authenticity of any communication that requests sensitive information or financial transactions. This includes checking email addresses, scrutinising URLs, and confirming requests through trusted channels. Vigilance is key to preventing fraud.

• Collaboration and reporting: Organisations and individuals should work closely with law enforcement and cybersecurity experts to share information about emerging threats. Timely reporting of scams helps authorities respond more effectively and prevents further incidents.

AI tools for detecting and combating scams

1. ComplyAdvantage: This tool offers AI-driven fraud and Anti-Money Laundering (AML) risk detection, particularly useful for financial institutions. It uses real-time monitoring to detect fraudulent activities, helping businesses respond quickly to potential threats.
2. Featurespace: This platform uses behavioural analytics and machine learning to model genuine human behaviour, helping to identify anomalies that could indicate fraudulent activities. Featurespace’s TallierLTM model, for instance, uses generative AI to improve fraud detection significantly.
3. HyperVerge: Known for its AI fraud detection capabilities, HyperVerge uses machine learning models to filter through large datasets and identify suspicious activities by recognising patterns and anomalies. This tool is particularly beneficial for real-time fraud detection and minimising manual review time.
4. Ekata: This tool provides AI-powered identity solutions that help businesses verify customer identities at every stage of their journey. It can flag fraudulent users and transactions quickly, offering protection against account opening fraud, account takeover attacks, and scam payments.
5. Netsweeper: This tool focuses on web content filtering, using AI algorithms to sift through online content in real time to identify and block malicious websites and phishing attempts. It also aids in data analysis to uncover emerging scam tactics, contributing to more robust cybersecurity strategies.

As AI continues to evolve, so too will the tactics used by cybercriminals. By staying informed and adopting comprehensive security measures, people and businesses in Hong Kong can better protect themselves against the growing risks associated with AI-driven scams. If you would like expert help — from phishing simulation and awareness training to layered defences and incident response — PTS offers managed cybersecurity services for organisations across Hong Kong and APAC.