Rising sophisticated cyber attacks aimed at advisers
Advisers are being urged to be on heightened alert after a sharp increase in hard to spot malicious email activity.
Monday, March 9th 2026, 1:11PM 
1 Comment
by Sally Lindsay
NZFSG says the rise in sophisticated email attacks are targeted at the financial services sector.
The attacks, known as business email compromise (BEC), can cause significant financial loss and may lead to further cyber breaches.
These scams are particularly dangerous because cybercriminals deliberately design them to avoid detection, Laura Bennett, NZFSG’s principal security consultant says.
NZFSG has seen cases where compromised accounts are used to distribute mass phishing emails containing malicious links.
“These links may lead to fake login pages designed to harvest credentials or trigger the download of remote access tools, potentially compromising sensitive information and leading to financial loss.”
“This is a serious and evolving threat,” Bennett says.
When phishing emails are sent directly from a legitimate business email address, they appear
authentic and trustworthy. Bennett says that makes them far more dangerous. They’re deliberately designed to create urgency and prompt quick action.
Examples seen include subject lines such as “You’re Invited” or messages relating to
invoices, with recipients urged to click a link or download an attachment.
The National Cyber Security Centre (NCSC) is aware of the threat and is encouraging Businesses – particularly those in financial services – to check their email systems for signs of compromise are should get their IT providers to monitor business email accounts and review:
- Auto-forwarding rules, especially those relating to accounts receivable;
- Auto-filtering rules to identify any that were not set up by the business;’
- Email access logs for unusual login behaviour, such as changes in login times or unfamiliar/overseas IP addresses.
“If you receive any email that seems unusual or out of character and even if the sender is someone you know, do not click any links or open any attachments. Doing so could result in a malicious file being downloaded onto your device, potentially without your knowledge.”
NZFSG is urging its advisers to contact it and their IT provider if they suspect they may have clicked on a suspicious email or are unsure.
The aggregator also says it is important for adviser businesses to implement two-factor authentication (2FA) as a minimum security measure against cyber attacks.
| « Innovation with intention: Technology built for advisers | Basecorp positioning as a one stop shop for advisers » |
Special Offers
Comments from our readers
Sign In to add your comment
|
|
Printable version |
|
Email to a friend |
Kordia's 10th annual New Zealand Business Cyber Security Report indicates 44 percent of large businesses were successfully attacked in the past 12 months, and 61 percent suffered a serious business disruption, including extortion in one-in-five cases. Kordia's survey of business leaders found 24 percent were concerned about the misuse of AI in their business, with improper use among the top three cyber-security priorities.
AI-generated cyber-attacks are now a major threat for any mortgage adviser who has chosen to place their client data with a third-party owned cloud-based CRM. The only guaranteed protection is to operate a CRM which the adviser owns themselves with their client data been backed up on a NAS device which ensures the adviser owns and then controls the server themselves.