Invoice fraud using intercepted emails on the rise
Increasing numbers of people are being defrauded out of large sums of money by scammers accessing the email accounts of legitimate businesses.
Known as invoice fraud, the crime involved fraudsters monitoring a business' emails, waiting for it to send an invoice to a customer for a large amount of money.
The scammer would then send their own email to the customer, from the business' email address, informing them its bank account number had changed and asking them to instead put the money into the fraudster's account.
The crime was now the third most common form of online lawbreaking in this country behind phishing and ransomware.
Last year globally the FBI experienced double the number of cases compared to 2017.
Former deputy police commissioner, Rob Pope, was now working with the government's online fraud agency, Cert NZ.
He says the reason the scam often fooled people was the fact it was so plausible.
"New Zealand's a very trusting society. Within business transactions people put a lot of trust in email and electronic invoicing these days, so they are used in day to day operations. So it is a question of having a qualified trust now."
Westpac's head of financial crime, Tiffany Ryan, says first home buyers were a common target.
Scammers accessed the email accounts of law firms and waited until just before the settlement date to send an email, looking like it has come from the lawyer, asking for the purchaser to put the money for the home into the fraudster's account.
Tradespeople who sent invoices via email were also a popular target.
Tiffany says there was no guarantee the bank or the hacked business would refund the victim their money.
"Ultimately the liability sits with the customer because they have authorised the payment to go through. But each bank will investigate and work through our process with the customer and the victims of the fraud to understand the circumstances in which the transaction was made."
Because the invoice had come from a trusted email address and used a legitimate letterhead, people were far more likely to trust it, she says.
The financial impact on people of being defrauded of often quite large sums of money, could be profound.
"If you're the victim of an invoice fraud and it is a large sum of money, then you've potentially got challenges around making your own mortgage payments and bill payments and things like that. And it's heartbreaking for families."
The less tech savvy including the elderly were often an easy target for fraudsters.
"We often hear customers being quite shy about coming forward. The fear is just that you know that stigma that comes with having to admit that you might have done something that wasn't quite, you know, what you'd normally do."
Rob says the single best defence against invoice fraud was to phone the business and double-check the request to use a different bank account had actually come from them, and not a fraudster.
"Just pause and think about this before you act. It's very easy in the electronic age just to assume it's coming from business ABC, I've already got some outstanding money owing to them, I'll just push the button. Just pause and think."
Rob says most of the fraud was committed by people operating from offshore, making successful prosecutions very difficult.
Work was underway now to establish exactly how much these scams were costing the country but it ran in to the hundreds of thousands of dollars, he says.
Nobody from the police was available to be interviewed but a spokesperson says they are aware of an increase in this sort of crime.
They urge people to tell vulnerable or elderly family members to be on the lookout for such scams.