Find a branch
Contact
Help
Cybercrime is rising fast and small businesses are prime targets. In the past year, New Zealand businesses have lost millions to scams that are becoming more sophisticated and harder to spot. We spoke to Westpac’s Senior Intelligence Analyst, Omar Patron Lopez, about five common scams to watch out for and practical ways to protect your business.
1. Invoice fraud or business email compromise (BEC)
Fraudsters impersonate suppliers or executives, sending fake invoices or urgent payment requests. One New Zealand charity lost $45,0000 before realising it was a scam.
How to guard against it:
Verify any changes to supplier details before processing payments. Use strong, unique passwords and enable multi-factor authentication on email accounts. Find more tips on preventing BEC and invoice fraud.
2. Phishing and authorised-payment scams
Scammers pose as bank fraud teams via email, phone or text, convincing business owners to share login details. The Banking Ombudsman has reported an average of 80 scam cases a month, with average losses of $80,000.
Stay safe:
Train staff to spot phishing emails and suspicious links. If something feels off, confirm through official channels – never click links or share login details without checking. Visit the Westpac website for more information on phishing or business and government impersonations.
3. Impersonation scams
Fraudsters pretend to be from reputable institutions like the Financial Markets Authority (FMA) or the Department of Internal Affairs’ AML/CFT team, and ask for fees or confidential data. Unfortunately, fraudsters have even been known to impersonate bank staff. Learn more about this type of scam and how to protect yourself.
What to do:
Limit access to sensitive information. If you’re contacted unexpectedly, check the official website or call the organisation directly.
4. AI-powered deepfake and “voice-in-call” scams
Generative AI is creating new risks globally. Closer to home, New Zealand businesses have reported falling victim to deepfake voice or video scams, with losses reaching tens of millions.
Reduce the risk:
Confirm unusual requests through another channel. Keep software and devices updated to reduce vulnerabilities.
5. SIM-swap and SMS-based scams
Fake courier messages or verification texts can be sent to hijack your phone number or capture one-time passwords. “Operation Cargo” by the Department of Internal Affairs and NZ Police reportedly reduced SMS scams by 80-83%, but SIM-swap attacks continue to pose a threat to businesses.
Protect yourself:
Be cautious with unexpected delivery updates or links. Monitor accounts for unusual activity and back up business data regularly. Learn the latest about mobile porting and SIM swap scams.