Those tactics still exist, but the bigger issue now is how sophisticated these attacks have become. Criminals are taking a more strategic, patient approach. They are moving across multiple channels, blending into normal business activity, and exploiting trust inside organisations.
How impersonation fraud is evolving across channels
Impersonation fraud has evolved. It's now more targeted, more convincing, and much harder to spot.
Today’s attackers are prepared to wait. After gaining initial access, usually through stolen credentials, they may spend time quietly watching how a business operates before making a move. This "dwell time" can include:
- System monitoring: Sitting inside systems for days to set up email forwarding rules and study payment processes.
- Social reconnaissance: Using platforms like LinkedIn to understand your organisational structure, who approves payments, and where the pressure points are.
- Contextual AI: Using AI to generate highly tailored messages that reference real projects, real suppliers, and actual invoice details.
By the time a request is made, it looks and sounds like a normal part of your business day.
Moving from inboxes to everywhere
Another major shift is that these attacks no longer stay in one place. To make an approach feel more credible, scammers now move across different channels:
- Internal tools: Moving to Microsoft Teams or Slack using compromised accounts to send messages that feel familiar and trusted.
- Voice cloning: Using as little as three seconds of audio to create a convincing AI copy of a director's or manager's voice.
- The multi-channel halo: An email starts the conversation, a LinkedIn message adds legitimacy, and a follow-up AI voice call helps close the deal. The more channels involved, the more believable the fraud feels.
Targeting IT as the new front door
Attackers are increasingly going after IT teams directly. Instead of trying to work around security controls, they manipulate the people who manage them:
- The "urgent" reset: Pretending to be a senior leader who is "locked out" while travelling and needs an urgent password reset or MFA bypass.
- MFA fatigue: Bombarding users with repeated authentication requests until they approve access out of sheer frustration.
- Identity sprawl: Exploiting unified logins where one successful compromise opens the door to your email, finance systems, and internal files all at once.
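One way to detect the MFA fatigue pattern described above in push-authentication logs, as an added example that is not part of the original article. The event format, account names and thresholds are constructed assumptions; map them to your identity provider's actual log schema.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, user, push result). Not real logs.
SAMPLE_EVENTS = [
    ("2026-01-12T02:14:05", "cfo@example.test", "denied"),
    ("2026-01-12T02:14:40", "cfo@example.test", "denied"),
    ("2026-01-12T02:15:10", "cfo@example.test", "timeout"),
    ("2026-01-12T02:15:55", "cfo@example.test", "denied"),
    ("2026-01-12T02:16:30", "cfo@example.test", "timeout"),
    ("2026-01-12T02:17:02", "cfo@example.test", "approved"),       # follows 5 rejected prompts
    ("2026-01-12T09:00:10", "ap.clerk@example.test", "timeout"),
    ("2026-01-12T09:00:45", "ap.clerk@example.test", "approved"),  # ordinary single retry
    ("2026-01-12T09:30:00", "cfo@example.test", "approved"),       # hours later, no prior prompts
]

def find_mfa_fatigue(events, min_rejected=4, window=timedelta(minutes=10)):
    """Return (user, approval_time, rejected_count) for each approval that
    follows at least min_rejected denied or timed-out prompts inside window."""
    recent = defaultdict(deque)  # user -> timestamps of recent rejected prompts
    alerts = []
    for ts, user, result in sorted(events):  # ISO timestamps sort chronologically
        when = datetime.fromisoformat(ts)
        q = recent[user]
        # Drop rejected prompts that have aged out of the sliding window.
        while q and when - q[0] > window:
            q.popleft()
        if result in ("denied", "timeout"):
            q.append(when)
        elif result == "approved":
            if len(q) >= min_rejected:
                alerts.append((user, when, len(q)))
            q.clear()  # a successful approval starts a fresh sequence
    return alerts

if __name__ == "__main__":
    for user, when, count in find_mfa_fatigue(SAMPLE_EVENTS):
        print(f"{when.isoformat()} {user}: approved after {count} rejected prompts")
```

An alert here is a prompt to verify the sign-in with the user through a separate channel and to review the session that the approval created.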
The reality check: 2026 data
The trends show just how serious the financial exposure has become for Kiwi and Aussie businesses:
- NZ$12.4 million: Direct financial losses reported to the NZ National Cyber Security Centre (NCSC) in just one quarter of 2025. This is a 118% increase over the previous period.
- 3,000% surge: The global increase in deepfake-related fraud attempts since generative AI tools became mainstream.
- NZ$173,000: The average total cost of a data breach for a New Zealand SME, including recovery and reputational damage.
- High-value targets: NCSC data highlights that business email compromise (BEC) remains a primary driver of high-value losses in New Zealand.
The new perimeter is identity
Strong identity controls, clear internal verification processes, and staff awareness matter more than ever. When fraud moves beyond the inbox, your business needs to be ready to spot it wherever it shows up.
Find out more about how we can help you protect your business: https://www.getverified.co.nz/contact-us