Online scammers go to incredible lengths as they fleece NZ company for $300,000

Cert director Rob Pope.

Everyone's seen amateurishly executed invoicing scams.  

But the latest quarterly report from the government’s still relatively new Computer Emergency Response Team (Cert) highlights that some outfits can be extremely professional – and go to huge lengths not to raise suspicions.

Cert received a report from a small company in the retail, trade and accommodation sector, which had lost a lot of money to an invoicing scam.

The New Zealand company had a supplier in China it used regularly. Scammers had managed to get enough information about the Chinese supplier to imitate their emails, including using a very similar email address, and even copying the signature in the email, Cert says.

The scammers then sent fake invoices to the New Zealand company at a time they were expecting to pay and as a result, paid the fake invoices, resulting in losses of over $300,000 (a visitor from Mars might find everything so neat that it looks suspiciously like an inside job). The case was referred to the NZ Police for investigation.

Overall, Kiwis lost $1.1 million to cybercrime between July and September, compared to the previous quarter’s $732,000.

Not much should be read into the numbers at this early stage of Cert’s existence. The increase can probably be put down to a growing awareness that the new agency exists (the 20-person Crown agency was set up late last year with a $22 million budget to cover its first four years; it’s headed by ex-deputy police commissioner Rob Pope).

Cert’s aim is to be part triage provider and part co-ordinator. When you or your company are hit by a cyber-threat, Cert (cert.govt.nz) won’t offer you hands-on assistance but it will give you a backgrounder on the threat you’re facing, and point you to the right government agency.

In the September quarter, Cert fielded 390 reports of incidents. Cert itself responded to 297, 78 of which were judged to be cybercrimes and referred to police, and 15 incidents deemed to be online bullying and referred to Netsafe, the approved agency for dealing with incidents that fall under the Harmful Digital Communications Act.


7 · Got a question about this story? Leave it in Comments & Questions below.

This article is tagged with the following keywords. Find out more about MyNBR Tags

Post Comment

7 Comments & Questions

Commenter icon key: Subscriber Verified

Another layer to an already bloated bureaucracy: Review, Refer, then Retreat.

Reply
Share
  • 0
  • 0

Based on the details from the CERT in first 6 months it is all about scam stuff which is out side of their remit.

Based on that we (the tax payer) are being scammed for over $5m to pay for the CERT.

Reply
Share
  • 0
  • 0

The joys of doing business... in China

Reply
Share
  • 0
  • 0

Scammers more likely to be local- indicated it's an inside job (within NZ).

Reply
Share
  • 0
  • 0

I came across an online marketing company based on the shore that I were double invoicing, when the customer raised the issue they said it was a scam, again, everything was a direct copy except the payment details. Really have to keep an eye on your records! They blamed it on an ex staff member, made me wonder...

Reply
Share
  • 0
  • 0

I have been in various businesses all my life, some larger than others. Plenty of scams have crossed my desk and the MO of these scammers are obvious. Rule of thumb - Sight and pay all the bills yourself.

Reply
Share
  • 0
  • 0

This isn't news to anybody in the retail game. Sending false invoices out has been around since the beginning of time. Many companies routinely send them out, knowing that a small percentage of them will be paid by companies that have slack checking processes. I came across it myself when I was involved in retail. The office lady informed me that she received false invoices daily. After a while you get to know the false ones from the legit ones. Example, If your selling plumbing goods, and you get an invoice for $167 for two hundred cream cakes, at sort of sticks out a bit. Some of the harder ones to catch, are the ones for $300 worth of copper pipe, that you never received. If you ring them and query it, they just back down and say it was an clerical error, and to ignore it.
This sort of thing used to go on all the time. I don't know about these days, as I'm not in the game anymore.

Reply
Share
  • 0
  • 0

Post New comment or question

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

NZ Market Snapshot

Forex

Sym Price Change
USD 0.6930 0.0022 0.32%
AUD 0.9197 0.0024 0.26%
EUR 0.5885 0.0019 0.32%
GBP 0.5193 0.0017 0.33%
HKD 5.4101 0.0171 0.32%
JPY 78.6310 0.2000 0.26%

Commods

Commodity Price Change Time
Gold Index 1241.8 -3.820 2017-12-11T00:
Oil Brent 64.7 1.290 2017-12-11T00:
Oil Nymex 58.0 0.670 2017-12-11T00:
Silver Index 15.7 -0.038 2017-12-11T00:

Indices

Symbol Open High Last %
NASDAQ 6847.6 6879.8 6840.1 0.51%
DJI 24338.1 24389.7 24329.2 0.23%