Builders beware, you could be in for a scam!

Hi Everyone,

Those pesty scammers are at it again, this time targeting the New Zealand building sector (but other industries should be aware too!)

A recent scam in operation targets insecure business email accounts. Scammers hack into the email account and access invoices from the ‘Sent’ items folder. The scammer can then effortlessly copy the invoice and modify details like the payment bank account number. They then resend the updated invoice from the compromised email account back to the customer asking them to make payment to the new bank account.

Once payment is made to the scammer’s account the money can be rapidly moved overseas where the funds become very challenging to retrieve.

Here are a few simple ways to keep your business email accounts safe:

• Use two-factor (2FA) or multi-factor (MFA) account authentication. 2FA/MFA provides an extra layer of security to prevent an attacker gaining access to your email account, even if they somehow get your password. This greatly reduces the risk of account compromise.

• If you ever receive an invoice with a new payment bank account number, validate it by telephone or in person (not over email) before making payment.

• Think twice about double-ups of invoices and check for obvious signs of a scam, for example, an unusual sender’s email address, spelling errors, demands for payment by a certain date, or signs the email is different to what you would normally receive.

• If you believe you have made a payment to a fraudulent bank account, contact us immediately at BNZ on 0800 ASK BNZ (275 269) or +64 4 924 0499.

1 Like

This is very scary but thank you for the heads up to protect our money

1 Like

Also if you are a small business and use Xero, you can send your invoices automatically from Xero, you dont need to attach a PDF to an email, so that helps remove the risk a little bit too