Television New Zealand, the state-run television broadcaster, also known as TVNZ, disclosed information Sunday (Dec. 13) about two data security breaches over the last year — one involving an invoice scam.
[bctt tweet=”TVNZ disclosed 2 data security breaches — one involving an invoice scam.”]
According to local reports, the conglomerate announced that one of these breaches involved receiving a “fraudulent invoice,” which TVNZ paid.
“An email phishing attack on a supplier resulted in a fraudulent invoice being received and paid by TVNZ,” the company said in a written document submitted to Parliament’s Commerce Committee, according to reports.
TVNZ added that the scam involved issues on the supplier side of that relationship and that there was ultimately “no financial impact” to the broadcasting company.
“It is not unusual for scammers to target large businesses that transfer a lot of money around to pay bills,” said cybersecurity firm Netsafe’s executive director, Martin Cocker, in an interview with reporters. “The scammers issue them spoof invoices from what looks like legitimate sources and take the money for themselves.”
The second data breach involved sending financial statements that included sensitive corporate data to a client.
“Changes have been made preventing automatic distribution of emails from this and all other test systems to prevent this happening in the future,” the corporation said in its statement to the committee.
The business email scam, a type of phishing scam, is common among businesses — and more common among SMEs — involving cybercriminals sending seemingly legitimate invoices from a seemingly legitimate supplier to a company for payment.
Recent research released by expense management firm Concur found that 3 percent of businesses in the U.K. are aware they had paid a fraudulent invoice in the last year.