New Zealand businesses and individuals lost $265 million to scams over the past year, according to the Ministry of Business, Innovation and Employment (MBIE). Almost half of that total came from scams where victims authorised the payment themselves. This signals that social engineering remains one of the most financially damaging threats in the country.
These insights are based on MBIE’s published loss data, with each takeaway reflecting common tactics seen across scam types such as invoice redirection, phishing, and identity deception. For finance leaders, this year’s data points to a clear shift. Many scams are no longer exploiting system weaknesses, but people and processes. These are the three scam trends putting payment integrity and supplier trust at risk.
1. Authorised payment scams are now the costliest
Losses from authorised payment scams reached $126 million, almost twice the amount lost to the next most common scam type. In these cases, a fraudster convinces someone inside the business to transfer funds to what looks like a legitimate supplier or investment account.
Because the payment is approved internally, it often evades post-transaction fraud detection. This is a direct risk to accounts payable teams, especially where supplier detail changes are actioned without independent validation. For a deeper dive into this risk, see why spreadsheet-based controls leave NZ finance teams exposed.
2. Email compromise still drives financial loss
MBIE notes that many scams involve someone being tricked into making a payment, and email is one of the most common vehicles for that deception. Business email compromise remains a key enabler of invoice and impersonation scams. Fraudsters gain access to internal email threads, posing as suppliers or executives to alter payment details or redirect approvals.
When finance teams rely on email alone to manage supplier communication or payment sign-off, even a small compromise can result in high-value loss. This risk sits squarely inside the finance function. See how these tactics impact AP teams in this guide to preventing financial fraud in accounts payable.
3. Impersonation attacks are harder to catch
Scams involving invoice fraud and identity deception are a persistent category in MBIE’s breakdown. Scammers increasingly use real names, accurate invoice formats, and public data to impersonate suppliers or partners. These tactics often succeed when payment pressure is high and teams lack tools to flag unusual changes in supplier data.
Manual processes may not detect when a familiar-looking invoice is routed to a new bank account, particularly if the fraudster has created a convincing digital paper trail. In sectors like construction, the risk is even more pronounced — explore why NZ builders are a growing fraud target.
Eftsure helps finance teams reduce these risks by independently validating supplier bank details, monitoring for payment anomalies, and alerting users to changes before approval. This reduces reliance on email or instinct when processing high-risk payments. Learn more about how Eftsure’s payment protection works.
Heading into 2026, finance teams are reassessing the weak points in their payment processes. With impersonation scams getting harder to detect and pressure mounting on teams to move quickly, independent verification is becoming a core part of the control environment.
To see how Eftsure supports payment control across evolving risks, book a demo.
