In a recent case that sent shockwaves through New Zealand’s construction sector, a Waikato building company had its email system compromised by cybercriminals. The attackers quietly monitored email activity, then inserted themselves into a high-value transaction — redirecting more than $150,000 intended for a home build into an offshore account. The funds were lost in days.
This wasn’t a case of weak cybersecurity. It was a case of increasingly sophisticated fraudsters exploiting the trust and pace of everyday business transactions.
Sophisticated fraud is bypassing traditional safeguards
In this case, cybercriminals:
Gained access to the builder’s email system using credentials likely obtained via phishing or brute force
Registered a near-identical domain name that mimicked the company’s actual email address
Sent a convincing fake invoice to clients, complete with accurate details and timing aligned to the project’s next milestone
Redirected funds to a domestic bank account, which was then emptied via international transfers within 48 hours
From the outside, everything looked legitimate. The invoice matched expectations. The sender’s name was familiar. The urgency was typical of a live construction project. This is the playbook of modern payment fraud.
Why construction companies are prime targets
The building and construction sector faces unique exposure to B2B payment fraud:
Frequent large-sum payments — transactions in the hundreds of thousands are common, making each target highly lucrative
Long supply chains — builders coordinate payments with subcontractors, consultants and suppliers, often under time pressure
Project urgency and limited admin staff — invoices often need quick approval, with lean finance teams juggling multiple jobs
Reputation-based trust — teams rely on email communication and vendor familiarity, making well-timed impersonation effective
Cybercriminals understand these dynamics. They study email habits, look for payment cycles and time their attacks for maximum success.
What finance leaders can do
While fraudsters are evolving, finance leaders can take proactive steps to make payments more secure without adding friction to the business.
Implement real-time bank account validation
Use tools that automatically verify bank account details before every payment is released. Don’t rely on static checks during onboarding — validation must happen continuously.
Require independent confirmation of payment details
Even a single email about changed bank details should be treated as a red flag. Set a policy requiring phone confirmation using a pre-verified number — not one in the email itself.
Tighten email security
Enforce multi-factor authentication (MFA) and regular credential changes across all finance-related systems. Monitor for domain spoofing and educate staff to spot lookalike email addresses.
Use automation to reduce risk
Automated platforms reduce human error and help identify anomalies. They provide system-level defences that catch inconsistencies humans might miss under time pressure.
How Eftsure helps defend your business
Eftsure is designed to protect NZ finance teams from precisely this type of fraud:
Live bank account verification — every time a payment is processed, Eftsure checks the recipient's bank details against a live, independently verified network
Traffic-light alerts — Eftsure uses a simple visual system to warn finance teams when something doesn’t match
Supplier verification at scale — it tracks changes to supplier data and ensures updates are verified independently before they’re used
Crowdsourced trust network — by verifying supplier data across thousands of other NZ and Australian businesses, Eftsure reduces the chance of falling for isolated fraud attempts
Up to $1M in fraud protection — even if a scam gets through, Eftsure provides a financial backstop to cover verified transactions
A safer path forward for NZ construction finance
The Waikato incident wasn’t a one-off — it’s a warning. Construction firms across New Zealand are being actively targeted by cybercriminals who know how to exploit the way B2B payments are handled.
With smarter tools, verified payment processes and real-time visibility, finance leaders can protect their organisations and their clients from similar losses. Platforms like Eftsure are built to meet the specific challenges of high-value, high-urgency industries like construction — where reputation, speed and accuracy all matter.
Trust is essential — but verification is protection. Book a demo to see how Eftsure can help safeguard your payments.
