Wrap up your year with gratitude to employees and 2025 HR preparation
As the year wraps up, it’s a great time to acknowledge your team’s hard work and prepare for a fresh...
It’s hard to imagine that you could fall victim to business fraud. That happens to other people, right? People who are unlucky or less careful? Not necessarily. We present three recent examples of fraud, along with tips on how to protect your business against cyberattack, spear-phishing and false invoices.
Time to read: 4 mins
More and more cyberattacks are targeting New Zealand businesses. An attacker can target you or your IT supplier’s systems to lock down or steal your data and prevent you accessing your systems. CERT NZ responded to 1,968 cyber security incidents in Q1 2023, up 12% from Q4 2022. Direct financial losses were up 66% to $5.8 million.
Last year a New Zealand business lost its operational IT systems, customer-facing website, payroll systems and employee data when the business that looked after its IT was attacked. Back-ups were also compromised, so no data recovery was possible. Staff and contractors spent hundreds of hours rebuilding the information and systems, and dealing with the disruption to the business.
A “spear phishing’’ attack is highly targeted and can seem credible enough to fool even careful staff who are alert to fraud risks. The fraudster may already know enough information about the business and individual being targeted to make a plausible request.
Last year a New Zealand charity administrator was targeted with an email, supposedly from the Chief Executive, asking them to buy gift cards to be used as competition prizes. The request was urgent and there was no time for the usual processes and approvals. The staff member did as asked, forwarding the serial numbers of the gift cards by return email. Sadly, it was a scam and $500 was irrecoverably lost.
This one’s an oldie, but still a favourite of fraudsters. By creating fake invoices or changing supplier details on real invoices, scammers can obtain payments from businesses for goods and services they haven’t provided. Sometimes the perpetrator is a staff member, sometimes a stranger. These types of fraud can be extremely expensive and devastating for staff morale if they continue for a long period undetected.
A charity worker appeared in court in Wellington in June 2023 accused of misappropriating more than $1 million through fake supplier invoices and direct payments from the charity’s bank account. The timing of the losses coincided with rapid growth in activity for the charity, which saw revenue and spending increase four-fold over a two-year period. Those periods of change can be risky for businesses because there is more opportunity for fraudsters, and unusual spending might be harder to detect.
If you feel like there could be vulnerabilities in your IT system, our IT team can provide cyber security, technology advisory, disaster recovery reviews, day-to-day support and more.
Businesses face all kinds of risks and we provide risk management and assurance services to ensure that they are identified and managed in the most effective way. Call us today if we can assist!
DISCLAIMER No liability is assumed by Baker Tilly Staples Rodway for any losses suffered by any person relying directly or indirectly upon any article within this website. It is recommended that you consult your advisor before acting on this information.
Our website uses cookies to help understand and improve your experience. Please let us know if that’s okay by you.
Cookies help us understand how you use our website, so we can serve up the right information here and in our other marketing.