CERT and Inland Revenue are warning the public about two email scams targeting businesses across New Zealand.\nInland Revenue is warning people about a particularly sophisticated email tax scam.\nIRD explains It is a phishing scam where people get an email that looks like it\u2019s from Inland Revenue and also a form that looks very convincing. The email says the recipient has a tax refund waiting for them and that they need to update their financial information in order to receive their refund.\n\u201cWe have had around 120 calls in the last 12 hours about this and we are keen to prevent people being taken,\u201d says IRD, in a statement.The email address appears as \u201cInland Revenue Department\u201d but is actually sent from IRDxxxxx@s1.nzr.review. The address is false, but looks convincing to the layperson\u2019s eye.A form comes as an attachment called TaxReturn.HTM. Again it looks convincing but is fake and designed to collect personal and credit card data, says IRD.Inland Revenue urges recipients not to open the attachment and to contact their bank immediately if they have clicked on the form and submitted any personal or credit card data.It also recommends contacting IDcare and notify IRD at firstname.lastname@example.orgCERT, meanwhile, has also reported it has received an increase in reports of unauthorised email access from businesses.Scammers access a business\u2019s email accounts and send false invoices to the company\u2019s clients and potentially other people as well.A staff member\u2019s email address is logged into by an unknown, unauthorised person. The scammer looks through the account to find out what a real invoice from that company looks like, and sends out false invoices, often to clients that exist in the company\u2019s email address book. The invoices look real, but the banking details on the invoice are different.CERT\u2019s advice to businesses includes building good business processes for invoices, including processes for account changes on invoices and verifying invoices by voice call or SMS message \u2013 not email.