Scammers are emailing invoices to New Zealand businesses that resemble real bills.
Cyber security watchdog CERT NZ was receiving increasing reports of scams involving false invoices.
Scammers were hacking into business email accounts and monitoring emails for a couple of weeks to see when large payments were due.
They then sent an email from the business' email address asking the customer to pay into a different bank account.
This was usually an invoice or payment the customer was expecting, and it appeared to come from the business. The only visible difference was the bank account number on the invoice.
In some cases, the scammer would intercept an invoice and change the bank account details.
In other cases, the scammer would follow up an invoice that had already been sent, saying they forgot to update it with their new bank account.
Some scammers were covering their tracks by setting up auto-forwarding rules on the business' email.
This meant if a customer replied to the email questioning the bank account change, the scammer could reply to them directly without the business knowing.
Scammers were also setting up filtering rules to delete all their sent mail so their messages were not discovered.
CERT NZ recommended that people confirm new bank account numbers by phone, but verify the phone number first.
Businesses should check for unfamiliar auto-forwarding and auto-filtering rules on email accounts.
Email access logs could be checked for unusual login times and unexpected or foreign IP addresses.
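The two checks above, run over exported mailbox rules and sign-in records, as an added example that is not from CERT NZ or the original article. The record layout, field names, domain, home country and working hours are all assumptions, and the sample data is constructed.

```python
from datetime import datetime

OWN_DOMAIN = "example.co.nz"   # assumption: the business's own mail domain
HOME_COUNTRY = "NZ"            # assumption: where staff normally sign in from
WORK_HOURS = range(7, 19)      # assumption: 07:00-18:59 counts as a usual login time

# Constructed sample data in a hypothetical export format (not a real product's schema).
RULES = [
    {"name": "Newsletters", "forward_to": [], "delete": False, "scope": "inbox"},
    {"name": ".", "forward_to": ["billing@example-mail.test"], "delete": False, "scope": "inbox"},
    {"name": "tidy", "forward_to": [], "delete": True, "scope": "sent"},
    {"name": "Accounts copy", "forward_to": ["accounts@example.co.nz"], "delete": False, "scope": "inbox"},
]
SIGNINS = [
    {"time": "2024-03-04T09:12:00", "ip": "203.0.113.10", "country": "NZ"},
    {"time": "2024-03-05T02:47:00", "ip": "203.0.113.10", "country": "NZ"},
    {"time": "2024-03-05T10:30:00", "ip": "198.51.100.77", "country": "XX"},  # XX = placeholder
]

def audit_rules(rules, own_domain=OWN_DOMAIN):
    """Flag rules that forward mail outside the business or delete sent mail."""
    findings = []
    for r in rules:
        # Compare the domain part of each forwarding target with our own domain.
        external = [a for a in r["forward_to"]
                    if a.rsplit("@", 1)[-1].lower() != own_domain]
        if external:
            findings.append((r["name"], "forwards outside the business: " + ", ".join(external)))
        if r["delete"] and r["scope"] == "sent":
            findings.append((r["name"], "deletes sent mail"))
    return findings

def audit_signins(signins, home=HOME_COUNTRY, hours=WORK_HOURS):
    """Flag logins from a foreign IP address or at an unusual time of day."""
    findings = []
    for s in signins:
        reasons = []
        if s["country"] != home:
            reasons.append("foreign IP (" + s["country"] + ")")
        if datetime.fromisoformat(s["time"]).hour not in hours:
            reasons.append("unusual login time")
        if reasons:
            findings.append((s["time"], s["ip"], reasons))
    return findings

if __name__ == "__main__":
    for finding in audit_rules(RULES) + audit_signins(SIGNINS):
        print(finding)
```

A flagged rule or login is a prompt to ask the account owner whether they created or recognise it, not proof of compromise.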
Email security could be improved with two-factor authentication and strong passwords on email accounts.
People who had been affected by the scam should change passwords immediately and call their bank to stop payments to fraudulent accounts.
Incidents should be reported to CERT NZ - tick the "share with partners" option to alert police.
If you have been affected by this scam or need further support, you can make a report through the CERT NZ website or by phoning 0800 CERTNZ.