Invoice scams on the rise, but ransomware down, says CERT NZ

CERT NZ says cyber security issues reported to it in the three months to 30 September cost New Zealanders more than $1.1m, up from $700,00 in the previous quarter. In addition, online scams and other fraud reported to CERT NZ and NetSafe cost the victims $2.1m.

CERT NZ said fake doctored invoices represent a growing threat. A basic invoice scam involves scammers sending out fake invoices disguised as invoices for well-known services.” Cert NZ said.

“If recipients pay the bill, they lose their money. If they contact the scammers, the scammers will usually use a variety of social engineering tactics, ranging from persuasion through to bullying, to try and convince them to pay the fake invoice.

“There are also more sophisticated campaigns, where scammers send emails to businesses and organisations that appear to be from a senior executive such as a chief financial officer asking the recipient to pay an urgent bill.

“These emails can come from fake email addresses intended to look legitimate. Scammers also use phishing techniques to gain access to businesses email addresses, making the fake invoices much harder to detect, CERT NZ said.

It added: “They have also reported that in some cases their suppliers were compromised by attackers, who altered invoices by changing the bank account number from them in order to steal money from legitimate transactions.”

CERT NZ also reported cases where people had been asked to become parties to fraud. “Mandarin-speaking scammers were contacting NZ-based Mandarin speakers via the WeChat messaging app. The scammers were offering to pay 100 percent of their NZ bills, in return for 60 – 80 percent of the cost of the bill being sent to the scammers. In turn, the scammers were apparently paying the bills in their entirety, but from suspected stolen credit cards.”

There was some good news: since the spike in ransomware attacks via WannaCry in May, ransomware attacks have declined significantly, by more than 50 percent.

CERT NZ speculated that this could be the result of heightened awareness and improved controls, or the result of recent international law enforcement efforts to disrupt some of the dark web marketplaces where ransomware variant ‘kits’ are often traded.

The quarterly report is CERT NZ’s second following its foundation in April 2017. The first covered a shorter period, from the date of CERT NZ starting operations, 11 April to 30 June.

At the end of November CERT NZ published its Critical Controls 2018, summarising the ten controls that would mitigate or contain most of the information security incidents reported to it.

CERT NZ director, Rob Pope, said the controls were based on the research and incidents seen to date, and other sources from the global CERT network and international data feeds.

“We launched these initiatives because the data tells us that the best way to protect individuals and organisations is to show people how to do the basics well,” he said.

“The most effective steps are simple and easy to do, but require a little effort.  International evidence shows that 85 percent of cyber security incidents can be prevented by simple measures, like updating your operating system.”