News
Employment

Email Scams

Scammers and hackers are not in lockdown. It's more important than ever to be on the alert.

We have seen a number of instances where organisations and individuals have been subject to email scams (and on a couple of occasions those have been successful).  Large amounts of money have been remitted overseas and completely lost.

2 types of scams we have seen are:

Phishing:

(1)        ”Phishing attempts to look or sound genuine because the scammer is impersonating a trusted organisation or person.  They could be pretending to be from your phone or internet company, a law firm, your bank or even the Government.  The scammer asks you to update your details, provide details, complete a survey, make a payment or another request that gives them access to your personal information. [1]

Fake invoice scams:

(2)        “A fake invoice scam is what someone requests that a business pays fake invoices for product or service that was not requested, or received.  The scammer will send an invoice for goods or services you haven’t requested or for fake services such as a trade directory.  This could be a printed invoice that looks legitimate, or even an email that looks as if it came from a legitimate business insisting that you have ordered the goods or services[2].

We have seen variations of these sent to clients.

Examples include:

  • False but quite realistic invoices have been provided but they have been subtly altered by changing the bank number, reference details and the more aggressive tone of the attached email requesting payment;
  • Emails appear to have been sent within a single organisation where the director has “supposedly” been requesting an employee to make payment overseas – again uncharacteristically demanding urgency:
  • an email requests you to update or verify your details on line;
  • emails that try and get you to act quickly by threatening you with legal action or loss of an account.

Warning signs for these scams include:

  • Emails requesting a quick, urgent or faster than usual requests for the payment of money;
  • A supplier’s usual bank details have changed – the rest of the invoice looks entirely genuine. Call the supplier to confirm that the invoice is legitimate and that the altered bank account is correct;
  • Change in the tone of emails – including pressure to pay invoices faster than usual, requesting confirmation invoices have been paid (often adopting a more demanding tone).

To reduce the risk of being scammed:

  • If you are responding to a supplier use the phone number you have on file or look it up on their website – don’t call the telephone number listed on the email or invoice (that will likely be a number supplied by the scammers).
  • Double check with the supplier that you have the correct payment details for them – by phone – not answering the email.
  • Caution is always required when payment is being requested by email – always worthwhile calling that person direct to confirm the legitimacy of the request.
  • Some organisations have a policy that where a funds transfer request is being made solely by email that it cannot be made until an employee has spoken to the client personally and confirmed those instructions.
  • Additional security systems should be considered for processing payments – this could be simple as “4 eye” check and/or always having verbal confirmation from the sender for processing payments requested via email. Improved validation processes will assist.  Staff need to be trained to know what to look for.
  • If you are unsure if an email is from a legitimate organisation contact them through official contact channels (not the contact details provided in the email) to see if it has in fact come from them.

Further information can be obtained from:

Netsafe www.netsafe.org.nz;

CertNZ www.cert.govt.nz;

Consumer Protection www.consumerprotection.govt.nz

 

 

[1] Netsafe.org.nz

[2] Netsafe.org.nz


Author

Hugh Matthews

Hugh Matthews

Partner