Business Email Compromise
ANZ customers should be aware of the various types of business email compromise (BEC) that are impacting businesses globally. BEC involves either compromising an email account through hacking or forging a sender’s email address (known as spoofing), then sending a fake request for payment to staff or clients.
Once the money is sent it is very difficult to recover, and often travels through domestic bank accounts (using unsuspecting customers who are also being scammed) until it reaches an international account controlled by the fraudster.
In many cases the tone of the email (or attachment) is very convincing and can mimic previous interactions, such as using similar greetings.
BEC is estimated to have cost global business over USD 3 billion over the last 2 years and ANZ has been made aware of instances occurring in the Pacific region.
The main types of BEC are:
- CEO Email Fraud (Whaling) - An executive's email account is compromised and payment requests are sent to the accounts team for urgent payments to be made to an international account.
- Invoice Fraud - A business email account is compromised and a genuine invoice is modified (or a fake email created), changing the payment account details to those controlled by the fraudsters. This type of fraud may not be discovered for some time.
The New Zealand organisation Netsafe lists the following actions to help prevent BEC:
- Be cautious when you receive emails requesting that urgent or confidential action be taken;
- Examine email sender details carefully, watching for similar domain names or characters that have been swapped for other letters;
- Forward email responses instead of hitting ‘reply’ so you can type out the genuine email address for a supplier you communicate with;
- Ensure staff handling payments are trained to recognise suspicious emails;
- Put in place a ‘two person rule’ around signing off transactions and set transfer thresholds;
- Confirm new invoice details with suppliers using a phone number known to you, not the one on a suspicious invoice.
Further information can be found on the Netsafe website - netsafe.org.nz.
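The advice above to examine sender details for similar domain names or swapped characters can be partly automated for staff who handle payments. The following Python is an added example, not from ANZ or Netsafe; the trusted supplier domains, the character swap table and the one-edit threshold are constructed assumptions.

```python
import unicodedata

# Constructed sample data: supplier domains the business already pays.
TRUSTED_DOMAINS = {"example-supplier.com", "acmefreight.co.nz"}

# Assumed, non-exhaustive table of characters swapped for similar-looking ones.
SWAPS = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
})
PAIR_SWAPS = (("rn", "m"), ("vv", "w"))


def skeleton(domain):
    """Undo common character swaps so lookalikes collapse to one form."""
    text = unicodedata.normalize("NFKD", domain.lower())
    text = "".join(c for c in text if not unicodedata.combining(c))
    text = text.translate(SWAPS)
    for fake, real in PAIR_SWAPS:
        text = text.replace(fake, real)
    return text


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(address, trusted=TRUSTED_DOMAINS):
    """Return (verdict, matched_domain) for a From address."""
    domain = address.rsplit("@", 1)[-1].strip().rstrip(">").lower()
    if domain in trusted:
        return ("trusted", domain)
    for known in sorted(trusted):
        # Same skeleton, or one edit away, means a near copy of a known supplier.
        if edit_distance(skeleton(domain), skeleton(known)) <= 1:
            return ("lookalike", known)
    return ("unknown", None)


if __name__ == "__main__":
    for sender in ("accounts@acmefreight.co.nz", "accounts@acrnefreight.co.nz",
                   "Billing <billing@examp1e-supplier.com>", "info@unrelated.org"):
        print(sender, "->", check_sender(sender))
```

A "lookalike" verdict is a prompt to confirm the request by phone on a known number, not proof of fraud; an exact match does not rule out a compromised supplier mailbox.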
Email Phishing Scams
A reminder to ANZ customers to watch out for fake emails that look like they have been sent from ANZ. This is known as 'phishing' and these emails are actually sent from fraudsters who want to trick you into giving them sensitive information like your internet banking username and password.
A phishing email may ask ANZ customers to confirm their account information by clicking on the link provided in the email or opening an attachment. Once the link is clicked or the attachment opened, a fake ANZ Internet Banking log on page appears and your account information may be captured if any of your details are entered.
Once the fraudsters have these details, they can use them to log into your Internet Banking session and steal money out of your accounts.
- We will NEVER send you emails asking you to click a link through to ANZ Internet Banking.
- Always log on to ANZ Internet Banking by typing www.anz.com/samoa into the address bar, rather than following links to the ANZ website.
For more information on banking safely online, read our internet protection tips and hints.
Customers who have received a suspicious email and are concerned should contact the ANZ Internet Support Centre on +685 69999.
An example of a phishing email is provided below: