CERT NZ is warning New Zealand businesses to be aware of an upsurge in fake invoices, which are often intercepting genuine payments.
CERT NZ says it has received a spike of reports about invoice scams recently. The best method of prevention is to strengthen email security and verbally confirm and change in bank account details.
Typically scammers gain access to a company’s email account, monitor emails and then target customers who owe large payments.
The scammers then use the company’s email address to tell those customers that bank account details have changed. Sometimes the scammer will even alter an invoice to include change the bank details.
CERT NZ advises that some scammers are also using auto-forwarding rules on a company’s email, so they can respond directly to customers without the business ever knowing about it.
Scammers will also use filtering rules to delete their sent mail so their messages can’t be detected.
CERT NZ says there are three main ways businesses can detect unusual activity:
Check auto-forwarding rules on email accounts, especially accounts relating to accounts receivable. Check to see if there are any forwarding rules to accounts you are not familiar with.
Check auto-filtering rules on email accounts. Check to see if there are any rules that you did not set up.
Look at your email access logs to look for any unusual login behaviour – particularly odd login times and unexpected or foreign IP addresses.
CERT NZ says that if companies are expecting a payment that hasn’t arrived or have made a payment that hasn’t been received, it could be a sign of this scam.
Businesses that have made payment:
You should call the intended recipient, confirm bank details and check that the payment hasn’t been received. If details don’t match, call the bank immediately. The bank may be able to recover the money if it is caught early enough. Businesses should also file a report with CERT NZ.
You should call the person responsible for the payment and ask them to confirm bank details. If details don’t match, the person should contact their bank to find out if the payment can be stopped.
Strengthen your email security
Improving invoice payment practices: