Hackers steal money from Kiwi businesses ordering goods from trusted Chinese suppliers
"Our advice to our customers is to never hit the email reply button when replying to an email regarding financial /contractual matters."Featured comment
Police are urging New Zealand businesses to be extra vigilant when paying money to overseas suppliers.
On the North Shore alone, two businesses have lost significant sums of money over a period of two months.
The two companies, who are not related in any way, have each placed an order with overseas suppliers in China. Both companies have dealt with their Chinese suppliers for many years, paying deposits into international bank accounts to pay for goods they are importing into New Zealand.
In both cases, the email accounts belonging to the Chinese suppliers have been hacked. The New Zealand businesses have received an email asking them to put their usual deposit into a different bank account. When the businesses have replied via email to query why they have been asked to deposit money into an account that differs from the usual one, they have received replies from the company confirming that the directions are correct. The confirmation email is also a fraudulent message that has again been sent by hackers who have accessed the Chinese email account.
The crime has only come to light several weeks later when the Chinese suppliers have contacted the New Zealand importers to question why they haven't paid their deposits.
Detective Chris Blake from the North Shore Police CIB says local business owners shouldn't be embarrassed about being overly cautious when dealing with overseas suppliers.
"Even if you've dealt with the same company for many years, don't be afraid to phone and ring the person you always deal with if you get a request that slightly differs from your usual routine with that company. We want to prevent any more Kiwi business owners from becoming victims of this type of crime, and so we'd urge people to phone their suppliers, rather than email," Detective Blake says.
Martin Cocker, executive director of the part government and police-funded NetSafe, tells NBR his organisation is seeing a small number of these being reported through its online crime reporting site, The ORB.
"Businesses report that many foreign companies do regularly change bank accounts and therefore these requests do not seem particularly out of place," Mr Cocker says.
"Any scam that closely resembles actual business activity has a higher chance of success - and this scam fits in that category.
"We recommend that businesses double check any request to change bank accounts by phone or fax. We would also remind businesses to use existing phone and fax numbers and not those listed in the request email."