"The unwitting customer of that supplier also becomes a victim because they pay away to another account, and unfortunately, with that scam, it is not generally discovered until a long way down the track."
Kai Fong said it could be several months before the scam is discovered, as the business may not chase up the customer for payment for months.
"Chasing your overdue accounts is vital. It's better for your business to have the cash coming in, but it also means you'll uncover an invoice scam more quickly and have more of a chance to recover lost money."
Ashley Kai Fong, head of financial crime at the BNZ. Photo / Supplied
A new twist on this scam is where the fraudsters also pose as employees changing the bank account where their wages are paid.
Kai Fong said businesses could protect themselves by training staff not to click on links, having strong passwords and keeping security patches up to date.
"And probably not so obvious in the SME business is, sometimes their budgets might not be as big as they would like for software, and they might take freeware or shareware off the internet.
"The problem with that is, because you don't know where that has come from and what's in [it], there could be some malicious software that is assisting with this."
He said they would be better to have bona fide software.
When it came to new scams for consumers, Kai Fong said there was one doing the rounds using the messaging service Whatsapp.
It typically involves someone getting a message from a family member saying their phone was lost or broken as the reason behind the different number.
They then say they needed money to pay some urgent bill or due to getting locked out of a bank account.
"The dutiful loved one says, 'I better help out', and they pay."
But Kai Fong said people should pick up the phone and call their family member first on their normal phone number to check out the story.
He also suggested people have a secret code word to prove it was them.
The bank is also seeing different versions of the remote access scam where people click on a link through a text or email, and the scammer can gain access to a person's computer.
"What we are seeing is that then turns into, after a bit of a conversation, getting people's civic duty involved. 'Now that you have done this, you can help us catch a hacker - we just need you to use your money - we will pay you back - to catch the hacker'.
"Or [they say] there is somebody at the bank on the inside so you can't tell the bank, and then what they are doing is using that person's money."
He said scammers had got good at socially engineering people - especially some demographics.
"They might keep them on the phone for hours and keep feeding them bits of story and gaining trust and getting them to go to their bank [to take money out]."
Others are being re-victimised.
"After the investment scam, the scammers know you have already had money taken off you because they have done it. So then they phone up the victim again several months later and say, you have had this happen - we can get your money back for you - what you need to do is XYZ - then introduce a recovery scam and victimise them again."
Kai Fong urged people to be very wary of any calls out of the blue or which required people to act urgently.
"Some of these scams are well-orchestrated. There is still embarrassment and shame about people falling for scams, which there shouldn't be.
"What we need to do as a society is lift that veil a little bit. It is fair to say smart people are being scammed by smart scammers."
All it took was people to be vulnerable at that moment in time, he said, citing a couple with young children who were distracted right on dinner time and fell for a scam.
"You just need to be vulnerable at the time it occurs for you to fall for it. There should be no shame in that. If you do fall for a scam and have lost money, you need to contact your bank straight away and then the authorities Cert NZ and Police.
"We really don't know how big this problem is for New Zealand society. A lot still gets unreported."
Tips to avoid being scammed
• Never open links in text messages or emails
• Never open attachments from unknown senders
• Always check the sender of an email to make sure the address is right, especially if the email seems a bit odd
• If it looks too good to be true it probably is
• Urgency is a flag – scammers will try to rush you
• Contact your bank as soon as possible if you think you've been scammed. The sooner it's reported the better chance of recovering money
• Trust your gut – if it feels wrong, it probably is
