Money mules and hackers

It’s easy to assume online scammers are focused on the big players – eBay, Amazon and closer to home, Trade Me – businesses that sell exclusively online and with significant turnover. But in reality, online scammers are far more likely to target small to medium enterprises, and they’re a lot more attentive to us than you might think.

New Zealand’s building industry has been targeted recently with a spate of invoice scams. Effectively, a hacker intercepts an emailed client invoice, alters the bank account details to those of a ‘money mule’, and forwards to the client. The client pays the money mule (who may be an accomplice or an unwitting victim), and then the hacker quickly transfers the money from the mule’s account into his or her own account.

It’s bread and butter stuff for hackers, but the consequences can be devastating for businesses both in terms of the cost of the breach and strengthening digital security, and psychologically.

There are a number of insurers in New Zealand offering various cyber insurance policies to try and mitigate the risk of cyber fraud and each offers different definitions, exclusions, and limits.

Abbott broker Judith Fairbairn says it’s a complex area because you need to understand technology and insurance, and then overlay that understanding with your business risk analysis.

“It’s fair to say the balance of power and knowledge is not with the client, and that’s why it’s really important to seek professional advice from your broker.”

Judith Fairbairn, Abbott Insurance Brokers judith@nullabbott.co.nz

The key issue is that every business is different, as is every industry.

“Some policies will respond differently to certain classes of business or have different extensions of cover that are more relevant, and the client can’t be expected to know that. That’s what we’re here for.”

Abbott Group has recently undertaken a review of all the cyber insurance policy wordings available to New Zealand clients with a view to understanding the subtleties and how each will respond in given situations.

As always, we recommend that your business insurance programme is customised to your business and reviewed regularly. The better your broker understands you and your business, the better we can manage your risk, especially in such a fast evolving specialty as cyber insurance.

How to reduce your invoice scam risk

  • Use two factor or multi-factor authentication on your email account
  • Ask customers to check with you in person and not via email about:
    • New bank account details/payment instructions
    • Invoice double-ups
    • Unusual sender email address
    • Spelling mistakes
    • Changes to the way the invoice normally looks
  • Report any suspected fraud to your bank immediately and ask them to escalate it to the fraud team
  • If you’re a Xero customer, contact support@nullxero.com immediately

Published on Monday, February 27th, 2017, under Latest News