Keep your scam eyes open for this one!

Have you ever received an email from one of your suppliers, either based in New Zealand or overseas, to let you know that they’ve changed their bank account details for invoice payments? Did you contact them to confirm this information? If not, now’s the time to get your ‘skepticals’ on and double check who you’re actually paying. Some of our customers have lost money after payments intended for legitimate suppliers have been intercepted by fraudsters via compromised email accounts. The fraudsters have then emailed our customers and directed them to remit their invoice payments to a different bank account. So please be vigilant, even if you have dealt with the same suppliers for years. With Christmas fast approaching, the fraudsters are likely to be looking for extra cash – please don’t let it be yours.

If you’re suspicious of an email that you’ve received, or if you’ve entered your personal information into a website, or if you have an unauthorised transaction on your bank account, please contact us immediately on 0800 ASK BNZ (275 269) or +64 4 924 0499.

Similarly, if you think you’ve been caught up in a scam, or if you’ve provided personal information to someone over the telephone or via email, or if you suspect that your identity has been stolen, please call us on 0800 ASK BNZ (275 269) and ask to speak to the Financial Crime Management Centre.

1 Like

I do Systems Admin work for an ISP. I have worked in the Internet industry for many years and email servers are a key part of my area of experience.

It is nigh on impossible to filter these types of emails because they don’t generally fall into spam heuristics - actually quite often they are targeted at a specific company or person within a company.

Another major problem right now is bulk emails referring to invoices or payments. The attachment included with these is a script with downloads a particularly nasty load (Cryptolocker or similar in the ones I have looked at).

I do my best to filter these ones but it’s invariably on a delayed basis and ultimately like playing whack a mole. IE: We filter these after someone has received it, sent it to me and I have analyzed it’s contents.

This is how the whole industry operates. Ultimately, customers have to take responsibility for themselves and this is a message which is still being lost on a percentage of the internet using population.

None of this is anything new. I still remember when Code Red caused havoc in 2001 [1]. It’s now over 15 years later and there is no excuse now.

Having a decent AV is one measure. Eset NOD32 would be my pick. Avoid Norton or Mcafee like the plague. But the other most important measure is vigilance. Don’t open or run attachments which you don’t know the sender and understand what the attachment is (PDF for example is commonly sent through email and pretty safe afaik but executables and scripts are of course not - .exe, .vbs etc)

  1. Code Red (Computer Worm) @ Wikipedia
1 Like

Hi Michael, Thanks for your response, these are all really useful comments. We agree it’s important not to rely on filters alone and are wanting to reiterate the importance of triple checking when things like this pop up. A simple phonecall is often all that is needed to be on the safe side! :slight_smile: