17.12.2019

Cyber fraud on the rise

Over the past year we witnessed a number of incidents of cyber fraud amongst both our clients and family. Those that were targeted lost considerable sums. What is chilling is that those affected were intelligent and competent people – the scammers were simply brazen and insidious; a particularly dangerous combination. 

So that you are aware of how you could potentially become a victim of cyber fraud, here are a few of the scams we saw:

  • Fraudsters hacked into the email system of one business, enabling them to view email traffic over a period of time and determine the main suppliers being paid by the customer. The hackers then set up emails to the business that purported to come from their main overseas supplier and requested change in bank details. Though the business queried this request via email, the response came from the fraudster. The end result was over $1 million being paid to international accounts. The likelihood of this business recovering any of this money is uncertain.   
  • Another client also had their email system hacked. Opposite to the previous scenario, the hackers controlled our client’s email system and sent change of bank details to the client’s two main customers. Both customers queried the change by email but, once again, these emails were controlled by the hacker. One customer paid several hundred thousand dollars to hacker-controlled bank accounts. The other major client became suspicious and rang to verify, which uncovered the fraud.
  • A third client received fraudulent invoices via email, also purporting to be from a major supplier. Their accounts payable department processed these invoices, along with new bank instructions, and paid away $30,000. These funds were unrecoverable.
  • A family member of a Finance New Zealand staffer fell victim to a phone and internet scam, with hackers gaining access to the individual’s computer under the cover of fixing up a poor internet connection following fibre having recently been installed at the home address. By ‘hiding in the background’ the fraudsters were able to remove all forms of anti-virus on the individual’s laptop, install software that enabled them to view the individual logging into internet banking, and then take control of the personal internet banking. About $50,000 was paid away over multiple transactions to New Zealand-based accounts. Funds were quickly withdrawn from those accounts and moved through Sky City before being presumably taken offshore.  

We strongly urge you to ensure you have processes in place to help prevent cyber fraud. If you receive a request via email from a supplier or employee to change bank account details, ensure that this is verified by phone as well as in writing. Unfortunately, you cannot assume that these requests are genuine when received by email alone. We also recommend the use of two-factor authentication when logging into or approving any material transactions within online banking or other sensitive systems.For the latest on cyber security incidents in New Zealand, read the following report: https://www.cert.govt.nz/about/quarterly-report/quarter-three-report-2019/