Last week, a Wellington-based association was hacked by scammers through their emails.
The association received a legitimate invoice by email from one of their members and was approved by the CEO and forwarded to the accounts department. Between the CEO and Accounts, the banking details were changed and the accounts clerk changed the bank accounts details to the new ones. Payment was made and it went to an offshore account.
A great procedure to have in place, is that if any bank account details are changed that they are confirmed verbally by phone before any change is made in your financial package. It would be wise to apply this procedure to your business.
In this instance, if that procedure had been implemented, the association would not have lost a significant sum of money.