123rf.com
Australia has been the target of increasing cyber-attacks by a foreign entity.
A small company hacked by international scammers says businesses and banks need to be more diligent about checking that payments are going to the right bank accounts.
The Wellington-based company, which operates across the country and has connections to Christchurch, spoke to: stuff provided it remains anonymous.
“Company Z”, which handles large amounts of money, was stabbed by offshore cybercriminals with local connections in March 2022, when it paid two bills, with the combination well into the six digits.
Four days later, it received a call from Kiwibank to say it appeared to have been the victim of fraud. The owner of company Z initially said he was incredulous.
READ MORE:
† How I Lost Nearly Thousands After I Fell For Email Hacking Scam
† $500 Gone From Bank Account, Generate KiwiSaver Member Blames Hack
† Australian MasterChef finalist caught transferring hacker attack
† Arrest warrant issued for former financial officer accused of theft
† Hamilton finance company is chasing $4 million from former employee
† Hacker Steals Thousands From Kiwi Victims Using Complex Scam
“We have good processes and they had to convince me,” he said.
It turned out that Company Z had been hacked, with the hackers changing the bank accounts on the invoices the company paid.
Have you fallen victim to a cyber scam? E-mail [email protected] in trust.
“What really worries me is that banks have visibility into some of these things, and there needs to be a network of people in New Zealand who are being used by foreign criminal gangs and being used as money mules.
“They seem to operate with absolute impunity. We joked that we should become full-time scammers because there are no consequences and no one is after you.”
He believes that banks should verify that payments to a particular party match that party’s real bank account, and urged companies to do the same.
It comes in the midst of calls from the Banking Ombudsman for a review of banking processes and consumer protection for scams following a spike in online fraudespecially the so-called “romantic” scams.
Unsplash
Hackers are constantly searching the Internet for vulnerable companies.
Last month, MPs were told that complaints to the Ombudsman over the past three months were almost double the same period last year, and the ombudsman said banks, social media companies, government agencies and police urgently need to work together to tackle the problem†
Company Z’s payments into the suspicious bank accounts were spotted by ASB, which was monitoring one of the dubious accounts. ASB traced the transfer to Kiwibank and raised the alarm.
The accounts were managed by two beneficiaries in Auckland who are believed to have been used by the hackers to receive and then transfer the funds.
One was elderly and didn’t speak English well and the other was a young woman.
The elderly man has saved Company Z a lot of money. The scammers couldn’t get him to transfer the money fast enough, so the account was frozen and Company Z got half of the money back. The other half was transferred offshore.
The owner of company Z went to the police a few days later and filed a complaint. He was told nothing could be done, he said, but refused to accept and went back to the police.
“I later spoke to an officer who was sympathetic but who said that although the problem was rife, the police couldn’t really do anything and were prosecuted very rarely.”
Access to bank records required the police to get a production warrant (such as a search warrant) and the courts would only issue it if specific information was provided, he said.
Company Z then gave the police more information, but was again told that the police would not investigate.
Unsplash
Lines of code are a hacker’s friend when it comes to scams.
Detective Inspector Stuart Mills, who had been given the Company Z complaint file number so he could comment, said it was difficult to investigate “corporate email compromises.”
“It can be difficult to track down these offenders as many are based abroad. The funds generally go offshore with a small window to recover them.
“The international dimension makes it more difficult to identify offenders as money can travel through a number of jurisdictions.
“We recognize that our visibility around the magnitude of the problem and linking of related cases needs to be improved. The police are working in this area to improve reporting.”
The owner of Company Z said the banks knew the identities of the local bank account holders and did not buy the excuse that the matter was too difficult.
He said the hackers were so advanced that they emailed the party to receive the payment to say it would be too late due to technical issues.