NCSC General Security Advisory GSA-2018-582

Business emails being compromised and used to facilitate fraudulent payments

The National Cyber Security Centre (NCSC) advisory GSA-2018-582, is a general security advisory to business. The NCSC is aware of New Zealand organisations business email accounts being compromised and used to facilitate fraudulent payments. Criminals undertaking this activity gain access to an organisation’s email account to change or create illegitimate business-to-business transactions for their own financial gain.

The NCSC recommends organisations take steps to protect their business email accounts. Organisations should ensure they have internal financial controls appropriate to the size and nature of their business to prevent and detect fraudulent payment requests. These common business practices would help to mitigate the risk of falling victim to a fraudulent payment request based on a business email compromise.

Download Advisory GSA-2018-582