New Zealand Law Firms Scammed
Law firms in New Zealand are facing a sophisticated financial fraud scheme where scammers impersonate ANZ Bank staff, resulting in substantial financial losses exceeding $2 million. Multiple Wellington-based legal practices have been targeted, with funds being transferred offshore.
Scam Methodology
Initial Contact
Fraudsters initiate contact by:
- Calling law firms while posing as ANZ fraud team members
- Demonstrating prior knowledge of banking information (likely obtained through previous phishing attempts)
Manipulation Tactics
Scammers commonly:
- Trick victims into granting remote computer system access
- Convince targets to disclose digital banking credentials
- Obtain critical authentication codes under false pretenses of “securing accounts” or “reversing fraudulent transactions”
Red Flags for Law Firms
Technical Vulnerabilities
- Email account compromises
- Potential prior phishing exposure
- Unsolicited calls claiming to be from bank security teams
Social Engineering Techniques
- Creating a sense of urgency
- Leveraging apparent insider banking knowledge
- Exploiting professional trust mechanisms
Recommended Protective Measures
- Verification Protocols
  - Implement strict verification procedures for any unsolicited communication claiming to be from financial institutions, which are frequently impersonated in scams
  - Develop a formal callback mechanism to independently verify caller identity; treat this as a mandatory step
  - Never provide authentication codes or remote access based on unexpected requests
- Technological Safeguards
  - Enhance email security infrastructure
  - Use multi-factor authentication for all banking and digital platforms
  - Regularly update cybersecurity training for staff
  - Implement advanced email filtering technologies
- Communication and Reporting
  - Immediately report suspicious interactions to:
    - ANZ Bank fraud department
    - Local law enforcement
    - National Cyber Security Centre
  - Maintain detailed logs of all potential fraudulent contact attempts
Legal and Ethical Considerations
- Document all interactions potentially related to fraud
- Consider potential professional indemnity insurance implications
- Assess mandatory reporting requirements for financial breaches
Actionable Steps if Targeted
- Immediately freeze potentially compromised accounts
- Disconnect systems potentially exposed to unauthorized access
- Conduct comprehensive forensic investigation
- Notify affected clients and relevant regulatory bodies
Contact Information
- ANZ Fraud Reporting, National Cyber Security Centre and Local Police Cybercrime Unit.