NZ businesses targeted by invoicing scam


New Zealand businesses are being targeted in an invoicing scam, according to a report by CERT NZ.

Scammers are hacking into company email accounts and emailing customers to advise of a change in company bank details.

By hacking into email accounts, scammers can monitor company billing cycles, access customer contact details and send emails from your business email address.

In some cases, scammers are intercepting the invoice before it reaches the customer, only changing the bank account details and leaving all other details familiar. Customers are therefore none the wiser, as they receive an invoice from a supplier they trust, for an amount and at a time they expect. Once payment is made, the money is transferred overseas and is difficult to track and recover.

How do I know if my business has been hacked?

Scammers are using auto-forwarding rules to reply directly to customers who question the change in bank details, so a good place to start is to check there have been no forwarding rules set on your email account.

Another tip is to check your auto-filtering rules. Scammers are setting these to delete all sent emails so that their responses aren’t discoverable.
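The two checks described above, applied to an export of mailbox rules, as an added example that is not part of the original article or CERT NZ's guidance. The JSON layout, field names, addresses and domain are constructed assumptions; map them onto whatever rule export your mail provider produces.

```python
import json

COMPANY_DOMAIN = "example.com"  # assumption: the business's own mail domain

# Constructed sample export; the field names are hypothetical, not a real mail API.
SAMPLE_RULES = json.loads("""[
 {"mailbox": "accounts@example.com", "name": "Newsletters",
  "conditions": {"from_contains": "news@"}, "actions": {"move_to": "Reading"}},
 {"mailbox": "accounts@example.com", "name": ".",
  "conditions": {"subject_contains": "bank"},
  "actions": {"forward_to": ["billing@example.net"]}},
 {"mailbox": "accounts@example.com", "name": "cleanup",
  "conditions": {"folder": "Sent"}, "actions": {"delete": true}},
 {"mailbox": "sales@example.com", "name": "Copy to manager",
  "conditions": {}, "actions": {"forward_to": ["manager@example.com"]}}
]""")


def is_external(address, domain=COMPANY_DOMAIN):
    """True when the address is outside the company's own domain."""
    return address.rsplit("@", 1)[-1].lower() != domain.lower()


def audit_rules(rules, domain=COMPANY_DOMAIN):
    """Return (severity, mailbox, rule name, reason) for each rule to review."""
    findings = []
    for rule in rules:
        actions = rule.get("actions", {})
        conditions = rule.get("conditions", {})
        where = (rule.get("mailbox", "?"), rule.get("name", "?"))
        targets = actions.get("forward_to", []) + actions.get("redirect_to", [])
        if targets:
            outside = [t for t in targets if is_external(t, domain)]
            if outside:
                findings.append(("HIGH", *where, "forwards outside the company: " + ", ".join(outside)))
            else:
                findings.append(("REVIEW", *where, "forwards internally; confirm the owner set it"))
        if actions.get("delete"):
            # Deleting sent mail, or deleting with no condition, hides replies.
            broad = not conditions or conditions.get("folder", "").lower() == "sent"
            findings.append(("HIGH" if broad else "REVIEW", *where, "deletes messages automatically"))
    return findings


if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES):
        print(" | ".join(finding))
```

Any rule the mailbox owner does not recognise should be treated as a sign of compromise, not just the ones marked HIGH.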

Stay ahead of the scammers

CERT NZ is a government agency which works to improve cyber security in New Zealand. Here are some of their top tips for securing your business against scammers:

  • Make sure you have two-factor authentication on your email account
  • Make sure all staff use strong passwords. It might also be a good idea to encourage staff to use a password manager
  • If you don’t use auto-forwarding for emails, consider disabling this feature so it can’t be used
  • Set up logging on your business email to track all login attempts

To find out more about this scam, or to alert CERT NZ if you think your business may have been affected, visit: https://www.cert.govt.nz/businesses-and-individuals/recent-threats/invoice-scams-affecting-new-zealand-businesses/