NZFSG issuing an “urgent warning” to its adviser network following an increase in sophisticated email attacks attracted a great deal of interest this week…

NZFSG has issued an “urgent warning” to its adviser network following a sharp increase in sophisticated email attacks targeting the financial services sector, which have been highlighted by the National Cyber Security Centre.

The company points out that the attacks, known as business email compromise, can cause significant financial loss and may lead to further cyber breaches.

“These scams are particularly dangerous because cybercriminals deliberately design them to avoid detection,” it says in a statement.

NZFSG says it has seen cases where compromised accounts are used to distribute mass phishing emails containing malicious links.

“These links may lead to fake login pages designed to harvest credentials or trigger the download of remote access tools, potentially compromising sensitive information and leading to financial loss.”

Laura Bennett, NZFSG’s Principal Security Consultant, describes this as a serious and evolving threat.

“When phishing emails are sent directly from a legitimate business email address, they appear authentic and trustworthy. That makes them far more dangerous. They’re deliberately designed to create urgency and prompt quick action.”

Examples observed include subject lines such as ‘You’re Invited’ or messages relating to invoices, with recipients urged to click a link or download an attachment.

NZFSG says the National Cyber Security Centre is aware of the current threat and is encouraging businesses – particularly those in financial services – to check their email systems for signs of compromise. Advisers are encouraged to engage their IT providers to monitor business email accounts and review:

  • Auto-forwarding rules, especially those relating to accounts receivable
  • Auto-filtering rules to identify any that were not set up by the business
  • Email access logs for unusual login behaviour, such as changes in login times or unfamiliar/overseas IP addresses
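
As an added illustration (not part of NZFSG's or the NCSC's guidance), the three checks above can be run over exported mailbox rules and access logs like this. The domain, field names, approved-rule list, working hours and all sample records are constructed assumptions, not any mail platform's real export format:

```python
from datetime import datetime

# All names, fields and records here are constructed for illustration.
OWN_DOMAIN = "adviser.example"
HOME_COUNTRIES = {"NZ"}
WORK_HOURS = range(7, 20)  # 07:00-19:59 local time
FINANCE_WORDS = ("invoice", "payment", "receivable", "remittance")
HIDING_FOLDERS = {"deleted items", "rss feeds", "junk email"}
APPROVED_RULES = {("accounts@adviser.example", "Newsletters")}  # rules the business set up

RULES = [  # constructed mailbox-rule export
    {"mailbox": "accounts@adviser.example", "name": "Newsletters",
     "keywords": ["newsletter"], "forward_to": None, "move_to": "Newsletters"},
    {"mailbox": "accounts@adviser.example", "name": ".",
     "keywords": ["Invoice", "payment"], "forward_to": "collector@mail.example.net",
     "move_to": "RSS Feeds"},
]
SIGNINS = [  # constructed access-log entries in local time; "XX" stands for any non-NZ country
    {"user": "accounts@adviser.example", "time": "2025-03-03T09:12:00", "ip": "192.0.2.10", "country": "NZ"},
    {"user": "accounts@adviser.example", "time": "2025-03-04T02:47:00", "ip": "198.51.100.7", "country": "NZ"},
    {"user": "accounts@adviser.example", "time": "2025-03-04T10:05:00", "ip": "203.0.113.55", "country": "XX"},
]

def audit_rules(rules):
    # Returns (mailbox, rule name, reason) for every rule that needs a manual look.
    findings = []
    for r in rules:
        fwd = (r.get("forward_to") or "").lower()
        folder = (r.get("move_to") or "").lower()
        finance = any(w in k.lower() for k in r["keywords"] for w in FINANCE_WORDS)
        reasons = []
        if fwd and not fwd.endswith("@" + OWN_DOMAIN):
            reasons.append("auto-forwards outside the business")
        if finance and (fwd or folder in HIDING_FOLDERS):
            reasons.append("diverts invoice/payment mail")
        if (r["mailbox"], r["name"]) not in APPROVED_RULES:
            reasons.append("not set up by the business")
        findings += [(r["mailbox"], r["name"], why) for why in reasons]
    return findings

def audit_signins(signins):
    findings = []
    for s in signins:
        hour = datetime.fromisoformat(s["time"]).hour
        if s["country"] not in HOME_COUNTRIES:
            findings.append((s["user"], s["ip"], "overseas IP address"))
        elif hour not in WORK_HOURS:
            findings.append((s["user"], s["ip"], "unusual login time"))
    return findings
```

Each finding is a prompt for review by the IT provider rather than proof of compromise; staff who travel or work late will also appear in the sign-in results.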

Bennett emphasised the importance of exercising caution.

“If you receive any email that seems unusual or out of character and even if the sender is someone you know, do not click any links or open any attachments. Doing so could result in a malicious file being downloaded onto your device, potentially without your knowledge.”

NZFSG urges its advisers to contact NZFSG and their IT provider if they suspect they may have clicked on a suspicious email or are unsure.

It also emphasises the importance of implementing two-factor authentication across the business as a minimum security measure against cyber attacks.

Advisers can report any incident or suspected attack to the NCSC.