Everyone's seen amateurishly executed invoicing scams.
But the latest quarterly report from the government’s still relatively new Computer Emergency Response Team (Cert) highlights that some outfits can be extremely professional – and go to huge lengths not to raise suspicions.
Cert received a report from a small company in the retail, trade and accommodation sector, which had lost a lot of money to an invoicing scam.
The New Zealand company had a supplier in China it used regularly. Scammers had managed to get enough information about the Chinese supplier to imitate their emails, including using a very similar email address, and even copying the signature in the email, Cert says.
The scammers then sent fake invoices to the New Zealand company at a time they were expecting to pay and as a result, paid the fake invoices, resulting in losses of over $300,000 (a visitor from Mars might find everything so neat that it looks suspiciously like an inside job). The case was referred to the NZ Police for investigation.
Overall, Kiwis lost $1.1 million to cybercrime between July and September, compared to the previous quarter’s $732,000.
Not much should be read into the numbers at this early stage of Cert’s existence. The increase can probably be put down to a growing awareness that the new agency exists (the 20-person Crown agency was set up late last year with a $22 million budget to cover its first four years; it’s headed by ex-deputy police commissioner Rob Pope).
Cert’s aim is to be part triage provider and part co-ordinator. When you or your company are hit by a cyber-threat, Cert (cert.govt.nz) won’t offer you hands-on assistance but it will give you a backgrounder on the threat you’re facing, and point you to the right government agency.
In the September quarter, Cert fielded 390 reports of incidents. Cert itself responded to 297, 78 of which were judged to be cybercrimes and referred to police, and 15 incidents deemed to be online bullying and referred to Netsafe, the approved agency for dealing with incidents that fall under the Harmful Digital Communications Act.
This article is tagged with the following keywords. Find out more about MyNBR Tags
Most listened to
- A2 CEO Geoff Babidge on the Fonterra alliance and first-half results
- Spark MD Simon Moutter on his company's half-year result and its possible downgrade
- Brent Edwards runs down Mfat's CPTPP analysis report
- Little Bird's Jeremy Bennett explains why the company is equity crowdfunding
- Fletcher CEO Ross Taylor on results, CFO Bevan McKenzie on banks
- Ebos chief executive Patrick Davies outlines the company's profit jump
- Don’t throw the baby out with the bathwater, says Meridian CEO Neal Barclay
- NBR Radio: The best interviews – updated daily, with Grant Walker