NZ millions lost in global email rort
Police reckon Kiwi businesses have had up to $10m stolen by international organised crime group in scam
A complex and growing global fraud is targeting New Zealand businesses and police estimate an overall industry loss of up to $10 million since late last year.
Forensic accountants at the Financial Crime Unit (FCU) are battling to stop companies unknowingly depositing funds into criminal accounts after a “business email compromise”.
In reported crime, the FCU estimates between $5m and $10m has been gained or targeted since September.
But the sum could be much higher. Netsafe estimates only about 4 per cent of all cyber attacks in NZ are reported — costing the country between $250m and $400m a year.
The email compromise scam sees an email sent to a company’s accounts department from a seemingly legitimate client or colleague.
Some fakes have reportedly come with financial instructions directly from the company’s chief executive.
The emails ask the accounts department to update or process a normally regular payment with a new or amended bank account number.
Acting Detective Senior Sergeant Bridget Doell, of the Financial Crime Unit, told the Herald that when the accounts department processed the request, the funds often went to a “mule account” overseas or locally.
Once the funds arrive in the mule account they are transferred to another account — at times instantly.
A more complex email compromise sees a fraudster identify a business which is due to make a payment to a supplier or contractor.
“The fraudster tricks a mule into allowing a bank account to be used for some type of transaction, or gets the mule to open an account for a particular purpose,” Doell said.
“The fraudster then registers a domain [website] with a very similar name to the supplier or contractor, which may be only a letter different from the genuine email address of the supplier or perhaps have a different suffix, such as ‘.co.nz’ instead of ‘.com’.”
Doell said the scammer then sent an email, via the newly formed domain, to the targeted business advising its accounts department of an account change, giving new details.
“Vigilance for people responsible for the money is the key in prevention. With so many email cons and invoicing in modern day business it’s too easy for these scams to happen.
“The trust we have in email communication can be costly.”
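The lookalike-domain trick described above (one letter different, or a different suffix) can be screened for automatically before a bank-detail change is actioned. The sketch below is an added example, not code from the police, the FBI or any company in this story; the supplier list, the suffix list, the function names and all domains are constructed for illustration.

```python
# Added example; supplier domains and addresses are constructed sample data.
KNOWN_SUPPLIERS = ("harbourpaving-sample.co.nz", "kauribuild-sample.com")
# Assumption: a short suffix list stands in for the full Public Suffix List.
MULTI_SUFFIXES = ("co.nz", "org.nz", "net.nz", "com.au", "co.uk")


def split_domain(domain):
    """Return (registrable name, suffix), e.g. 'mail.foo.co.nz' -> ('foo', 'co.nz')."""
    domain = domain.lower().rstrip(".")
    for suffix in MULTI_SUFFIXES:
        if domain.endswith("." + suffix):
            name = domain[: -len(suffix) - 1]
            break
    else:
        name, _, suffix = domain.rpartition(".")
    return name.rsplit(".", 1)[-1], suffix  # drop any subdomain labels


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(address):
    """Return a warning string if the sender's domain imitates a known supplier, else None."""
    domain = address.rsplit("@", 1)[-1].lower()
    if domain in KNOWN_SUPPLIERS:
        return None  # exact match with a domain already on file
    name, suffix = split_domain(domain)
    for known in KNOWN_SUPPLIERS:
        k_name, k_suffix = split_domain(known)
        if name == k_name and suffix != k_suffix:
            return f"same name as {known}, different suffix"
        if edit_distance(name, k_name) == 1:
            return f"one character away from {known}"
    return None


if __name__ == "__main__":
    for sender in ("accounts@kauribuild-sample.com",
                   "accounts@kauribuild-sample.co.nz",
                   "accounts@kauribuild-samp1e.com"):
        print(sender, "->", check_sender(sender) or "ok")
```

A warning from a check like this is a prompt to confirm the account change by phoning the supplier on a number already on file, not a substitute for that call.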
The ‘Bob the Builder’ case
In March this year a Kiwi property company came close to losing more than $350,000 after it was targeted in an email compromise scam.
The quick and sophisticated scheme used genuine Bank of New Zealand accounts, before the stolen funds were wired to Hong Kong.
On March 7 a scammer lured a mule with a job offer for an email compromise scheme, and asked the mule to register a Kiwi company.
The company was to be named Bob the Builder (Akl) Ltd*, mirroring a real company the property company dealt with, Bob the Builder Ltd*.
Once the mule confirmed the company had been formed it was instructed to open two bank accounts at two banks, including at BNZ.
Once the accounts were active, a fake Bob the Builder domain address was created with only the slightest difference to the real Bob the Builder email.
On March 24, the scammer, posing as the property company, called the real Bob the Builder to ask what outstanding payments were due.
Once aware of what was owed, the scammer sent an email to the property company advising of a change in bank account details, and provided the details of the BNZ account.
Completely unaware, the property company promptly paid $354,982 to the mule’s bank account on March 24.
The funds were then sent to Hong Kong on March 27. However, on the same day the property company realised the scam and was able to repatriate all the funds from Hong Kong through BNZ.
The FCU believed the scammers were members of an international organised crime group.
*Names of companies changed.
FBI warns of dramatic increase
America’s Federal Bureau of Investigation (FBI) warned last December of a “dramatic rise” in business email compromise scams.
Globally, since October 2013, the FBI estimates more than US$3.1 billion ($4.50b) in actual and attempted losses have been reported.
“The BEC scam is one of the fastest growing schemes we’ve seen over the past few years,” FBI Special Agent Harold Shawin said in his warning.
The FBI suggests the scammers are part of international organised crime groups. Email compromise crimes have been reported in 100 countries.
Scammers were also using malware to infiltrate company networks, gaining access to legitimate email threads about billing and invoices, the FBI said.