66% surge in payment scams targeting CFOs, ACCC warns
Payment redirection scams surged 66.6% in 2024. What CFOs and finance teams need to know now to stop losses before they happen — insights from ACCC data.
In 2025, finance teams across New Zealand are facing a tough reality: they’re under increasing pressure to safeguard payments in a world where cybercriminals are becoming more sophisticated by the day. Yet, despite this rapidly evolving risk landscape, many organizations are still relying on manual finance controls like spreadsheets, email approvals, and verbal sign-offs to protect billions of dollars — methods that were never designed for today’s threats.
If that sounds familiar, you’re not alone. But as the pace of scams accelerates, the cost of relying on outdated processes is only growing.
In 2025, finance teams across New Zealand are facing a tough reality: they’re under increasing pressure to safeguard payments in a world where cybercriminals are becoming more sophisticated by the day. Yet, despite this rapidly evolving risk landscape, many organizations are still relying on manual finance controls like spreadsheets, email approvals, and verbal sign-offs to protect billions of dollars — methods that were never designed for today’s threats.
If that sounds familiar, you’re not alone. But as the pace of scams accelerates, the cost of relying on outdated processes is only growing.
According to a recent NZ Herald investigation, New Zealanders have reported a staggering $2.1 billion lost to scams and fraud over the past five years — a figure that reflects the growing sophistication and scale of these attacks.
Supporting this, CERT NZ’s latest cybersecurity reporting reveals that scams and fraud made up 54% of all incidents reported in the final quarter of 2024, with 1,431 total incidents logged. Among these are invoice scams and business email compromise (BEC) — highly targeted attacks that focus directly on finance teams and their payment processes.
Consider the Health NZ case, where a single Excel spreadsheet was used to track $28 billion of public funds — a stark example of how vulnerable even large institutions can be when relying on manual processes.
Manual finance controls share common weaknesses that fraudsters know how to exploit:
With scam tactics evolving rapidly, New Zealand finance teams need more than just good intentions — they need tools built to handle today’s threats.
For many finance leaders, there’s comfort in the processes they know. But the risks of relying on manual processes are no longer theoretical — they’re very real.
Ask yourself:
If the answer is anything but a confident “yes,” it’s time to reassess your internal controls.
Today, CFOs, finance managers, and AP teams in New Zealand are on the frontline of payment fraud risks. But unlike their IT counterparts, they often lack dedicated tools to defend against these sophisticated scams — leaving them dangerously exposed.
Cybercriminals know this. They target finance teams because they are busy, under-resourced, and still reliant on tools like spreadsheets and email chains.
You wouldn’t rely on Excel to manage your cybersecurity — so why rely on it to protect millions in supplier payments?
Leading finance teams are moving beyond manual controls by implementing automated, real-time verification systems that work inside their payment workflows. These systems can:
These aren’t hypothetical solutions — they’re real, available today, and designed to address the specific challenges NZ finance teams are facing in 2025.
For finance teams still relying on spreadsheets and manual processes, the shift to automation may seem like a big step — but it’s quickly becoming a necessity to defend against today’s sophisticated payment fraud.
Tools like Eftsure’s automated internal controls solution are purpose-built to replace manual checks with real-time verification embedded directly into your finance workflows. Instead of relying on staff to spot red flags, Eftsure automatically verifies bank account details, flags suspicious payment requests, and ensures suppliers are properly vetted before payment is approved.
This reduces the risk of human error and protects against threats like invoice scams and BEC attacks — the very scams currently causing massive losses in New Zealand.
Many organizations in New Zealand are already turning to solutions like Eftsure to move beyond manual processes and implement real-time defenses that keep up with modern threats.
If your team is still relying on spreadsheets and manual reviews to verify supplier details, it may be time to explore what an automated approach could look like for you — before a costly mistake is made.
As a finance leader, you are the guardian of your organization’s financial integrity. But without modern tools, you’re being asked to fight modern fraudsters with outdated defenses.
Cybercriminals operating in New Zealand are only getting smarter — are your finance controls keeping up?
Payment redirection scams surged 66.6% in 2024. What CFOs and finance teams need to know now to stop losses before they happen — insights from ACCC data.
$500B in fraud? Weak payment controls expose businesses to risk. Learn what Musk & Trump uncovered—and how finance leaders can prevent financial leaks.
Scammers are impersonating legitimate businesses— including household names like Bunnings— to promote fake investment bonds. The National Anti-Scam Centre (NASC) warns that …
Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.