Header Articles


December 2019

There are continuing and increasing reports of theft of money and credit card information as a result of most of us using computers to receive emails, pay accounts and transfer monies. The risks can be particular dire for small businesses.


What all small businesses need to focus on with their on-line business activities are:

  • Assess your computer security including security software (firewall, anti-virus and anti-spyware software);
  • Use email spam filters and ensure that your employees recognise scams and hoaxes, and do not click on links or open attachments from suspicious senders; and
  • Have a management plan giving your employees guidance on recognising and dealing with computer security breaches.

When undertaking on-line business banking the recommendation is that:

  • All staff are trained to recognise suspicious emails;
  • When paying accounts, confirm new invoice details and bank account numbers directly with suppliers using a phone number known to you or publicly available;
  • Be cautious when emails request urgent or confidential action be taken; and
  • Do not conduct the whole transaction electronically unless you are absolutely sure that you are dealing with the correct person or business. 

If in doubt, you should contact the National Cyber Security Centre (which is part of the Government Communications Security Bureau). Their details are: PO Box 12-209, Wellington 6144; Phone 04 498 7654;

Email:; Web:

An Example on Point

We recently had an example of the type of fraud that can occur using emails.

Our policy is to always require either an encoded deposit slip or a recent copy of a Bank Statement to ensure the accuracy of our client’s Bank Account details.

In this example, the client simply sent an email to us stating their Bank Account number. We were suspicious of the email (partly as it did not comply with our policy) and telephoned the client. When checking the account number it proved to be wrong. What appears to have happened is that the client’s email was intercepted and the account number was changed. The new account number given was with a Bank in Eastern Europe.

The situation was rescued but it could, so easily, have been disastrous.