Description: Hong Kong police arrested eight individuals accused of using AI-generated facial composites to open bank accounts with altered ID photos. Of 44 applications, 30 reportedly succeeded after passing online identity checks. The accounts were then allegedly used to apply for loans and make credit card purchases totaling HK$860,000, and to launder over HK$1.2 million in suspected criminal proceeds. Police linked the operation to local triad-affiliated fraud networks.
Editor Notes: See also Incident 921. Timeline notes: Hong Kong police reportedly carried out "a citywide crackdown on scams, cybercrime and money laundering between April 7 and 17." This incident ID uses 04/07/2025 as its date; it was ingested into the AIID on 05/17/2025.
Entities
View all entitiesAlleged: Unknown generative AI developers and Unknown deepfake technology developers developed an AI system deployed by Hong Kong-based triad-affiliated fraud syndicate, which harmed Regulatory and compliance infrastructure , Loan providers targeted through fake identities , Hong Kong retail banks , Hong Kong Police , Hong Kong financial institutions , General public of Hong Kong , Financial institutions conducting remote KYC verification and Credit card issuers.
Alleged implicated AI systems: Unknown generative AI technology and Unknown deepfake technology
Incident Stats
Risk Subdomain
A further 23 subdomains create an accessible and understandable classification of hazards and harms associated with AI
4.3. Fraud, scams, and targeted manipulation
Risk Domain
The Domain Taxonomy of AI Risks classifies risks into seven AI risk domains: (1) Discrimination & toxicity, (2) Privacy & security, (3) Misinformation, (4) Malicious actors & misuse, (5) Human-computer interaction, (6) Socioeconomic & environmental harms, and (7) AI system safety, failures & limitations.
- Malicious Actors & Misuse
Entity
Which, if any, entity is presented as the main cause of the risk
Human
Timing
The stage in the AI lifecycle at which the risk is presented as occurring
Post-deployment
Intent
Whether the risk is presented as occurring as an expected or unexpected outcome from pursuing a goal
Intentional
Incident Reports
Reports Timeline
Loading...
Hong Kong police have arrested eight people accused of running a scam ring that bypassed bank verification checks to open accounts by replacing photos on lost identity cards with deepfakes incorporating fraudsters' facial features.
Senior S…
Variants
A "variant" is an AI incident similar to a known case—it has the same causes, harms, and AI system. Instead of listing it separately, we group it under the first reported incident. Unlike other incidents, variants do not need to have been reported outside the AIID. Learn more from the research paper.
Seen something similar?
