If you were following the news last month you may be wondering what Team New Zealand did wrong, and how you can ensure that it won’t happen to your business.
Team New Zealand inadvertently relied on a fraudulent phishing email advising of a change to a supplier’s bank account number. As a result, Team New Zealand paid a seven-figure sum to a Hungarian fraudster because they did not verify that the email was valid.
Phishing is the fraudulent practice of sending emails purporting to be from reputable companies to induce individuals to act. These emails can induce the individual or business to reveal information such as passwords or PINs. In more sophisticated attacks, the fraudsters gain access to a business’s email and run searches for certain business activities. They then send emails or invoices purporting to be from the hacked company, but with the fraudster’s own bank account details.
To protect your business from phishing, your accounts payable and payroll team must ensure that their policies:
- Include a telephone call to any new supplier or employee when you are setting them up in your accounting software; and
- Ensure any notification of a change of bank account is verified through a different communication channel, e.g. an email or text is followed up with a phone call, or a phone call is followed up with an email.
In the case of a new supplier, call them from the phone number on their website, not the number on the documents you have received. Assume any email and details could be fraudulent and simply pick up the phone to confirm.
There are many ways you can protect your own emails from being hacked, such as using virus protection software and two-factor authentication. The use of secure access portals between businesses and customers is also becoming popular, as the password requirement and levels of encryption mean security is high.
Cybercrime is increasing and changing the way we need to work to keep our businesses safe. If you are not having regular conversations with your IT professional and insurance advisers about cyber security, now is the time to start.