The scam works after you’ve emailed a client their invoice with bank account details for payment. Attackers compromise your email account and find recently sent invoices in your mailbox, copy them and update the payment bank account number to that of a “money mule”. They then send another email with the same layout indicating an updated invoice is attached.
A “money mule” is someone with a New Zealand bank account who can withdraw the funds very soon after the payment is made and send them offshore to a hacker. Sometimes the “money mule” does this knowingly, but often they’re also the victim of a scam.
Although the scam has targeted businesses mainly in the building sector, other industries should stay alert.