Rising sophisticated cyber attacks aimed at advisers
Advisers are being urged to be on heightened alert after a sharp increase in hard to spot malicious email activity.
Monday, March 9th 2026, 1:11PM
by Sally Lindsay
NZFSG says the rise in sophisticated email attacks are targeted at the financial services sector.
The attacks, known as business email compromise (BEC), can cause significant financial loss and may lead to further cyber breaches.
These scams are particularly dangerous because cybercriminals deliberately design them to avoid detection, Laura Bennett, NZFSG’s principal security consultant says.
NZFSG has seen cases where compromised accounts are used to distribute mass phishing emails containing malicious links.
“These links may lead to fake login pages designed to harvest credentials or trigger the download of remote access tools, potentially compromising sensitive information and leading to financial loss.”
“This is a serious and evolving threat,” Bennett says.
When phishing emails are sent directly from a legitimate business email address, they appear
authentic and trustworthy. Bennett says that makes them far more dangerous. They’re deliberately designed to create urgency and prompt quick action.
Examples seen include subject lines such as “You’re Invited” or messages relating to
invoices, with recipients urged to click a link or download an attachment.
The National Cyber Security Centre (NCSC) is aware of the threat and is encouraging Businesses – particularly those in financial services – to check their email systems for signs of compromise are should get their IT providers to monitor business email accounts and review:
- Auto-forwarding rules, especially those relating to accounts receivable;
- Auto-filtering rules to identify any that were not set up by the business;’
- Email access logs for unusual login behaviour, such as changes in login times or unfamiliar/overseas IP addresses.
“If you receive any email that seems unusual or out of character and even if the sender is someone you know, do not click any links or open any attachments. Doing so could result in a malicious file being downloaded onto your device, potentially without your knowledge.”
NZFSG is urging its advisers to contact it and their IT provider if they suspect they may have clicked on a suspicious email or are unsure.
The aggregator also says it is important for adviser businesses to implement two-factor authentication (2FA) as a minimum security measure against cyber attacks.
| « Innovation with intention: Technology built for advisers |
Special Offers
Comments from our readers
No comments yet
Sign In to add your comment
|
|
Printable version |
|
Email to a friend |
