A good reminder, which unfortunately needs to be often. There is no need not to trust that emails requesting bank account changes are legitimate but make sure you pick up the phone and ring to confirm the request to change bank accounts.

A good simple internal control to safeguard your outgoing payments.

For suppliers, get the phone number already stored in Xero\MYOB or take it off a previous invoice.

https://www.stuff.co.nz/business/111961700/police-warn-businesses-of-scammers-hacking-into-workers-bank-accounts

The scammers use the employee's name to create a fake address and requesting a change of bank account.
The scammers use the employee’s name to create a fake address and requesting a change of bank account.

Businesses and payroll operators are being warned to beware of scammers hacking into employee’s bank accounts.

The Southern District Police said there had been several reports of scammers, usually operating from an overseas IP address and creating false email addresses in the name of an employee to fool employers and payroll departments.

The scammers had been posing as the employee and requesting a change of bank account to make it more realistic, this is often another New Zealand bank account and part of another scam.

If successful, the scammer then gets paid the employee’s salary. 

Police have also had reports of another scam where the scammers intercept customer invoices sent by businesses via email.

The scammers create a false business email account – very similar to the genuine one – then advise the customer that bank account details for payment have changed, thereby pocketing the customer’s payment.

Police have advised businesses to check with employees by phone or in person if they ever receive an invoice with a new payment bank account number.

If a customer has made payment to a fraudulent bank account, they should contact their bank immediately and report it, making sure the matter is escalated to the bank’s fraud team, police said.