Business Advisory Firm Urges Kiwi Businesses To Up The Ante On Fraud Protections

25 July 2023

Grant Thornton New Zealand’s bi-annual business survey has revealed 41% of business owners, leaders and decision makers undertake specific planning for fraud risk – a number that should be a lot higher according to business advisory services and tax partner, Greg Thompson.

“A lot of online scams are pretty obvious. Your bank isn’t going to send you emails about your balance expiring soon. And you know the IRD isn’t going to send you a text to transfer your tax rebate.

“However, the types of scams most likely to affect New Zealand businesses are considerably more sophisticated. They’re also increasing in frequency and surprisingly convincing; so it’s concerning to see that less than half of survey respondents in our research plan for this type of risk”, says Thompson.

Invoice fraud is one of the most common online scams experienced by businesses. This typically involves a fake invoice from a supplier.

Thompson says, “A scammer can create a bogus invoice that looks like one from your supplier, but with a different bank account. The email addresses they use will look very similar to the supplier’s but one character will vary slightly.

“Or they’ll simply hack a supplier’s email account and start watching for patterns in your business cycle so they know when you’re expecting to receive invoices; they’ll even know the typical amounts and items.”

Thompson emphasises the importance of being proactive rather than reactive when it comes to this type of risk management and says many companies won’t proactively plan for breaches until they’ve actually experienced one.

“As the saying goes, ‘the time to repair the roof is when the sun is shining’. Businesses need to take a ‘when’ not an ‘if’ approach to fraud prevention, particularly as it’s becoming more prevalent and can potentially devastate vulnerable companies”.

But there are steps organisations can take to better protect themselves from breaches.

“It’s important to take the time to establish a process for verifying any new details a vendor gives you like bank account numbers and email addresses, and to always check information changes over the phone – not email.

“Two factor authentication process can also be an effective safeguard as it ensures payments are being authorised by multiple team members who can verify the transaction’s legitimacy.

“Because all fraud involves a human element, employees should be trained to recognise common red flags such as unusual email addresses, grammatical errors, or unexpected changes in payment instructions.

“And of course, it’s mission critical to strengthen cybersecurity measures to protect against phishing attacks, malware infections, and to ensure secure file sharing methods are in place to protect the transmission of sensitive information.

© Scoop Media