Fraudsters use client email to target lawyers
The New Zealand Law Society is warning lawyers that they are still being targeted by fraudsters who send emails from the hacked email accounts of clients to hijack property settlement funds.
Instances of this were reported in late May and a New Zealand lawyer this week reported a similar attempt.
The Law Society says lawyers should be careful to personally verify instructions they receive from clients by email.
The fraudsters appear to keep a watch on the accounts they hack and take the opportunity to hijack any legal transactions with faked instructions.
In the latest instance the lawyer was sent "instructions" as to disposal of the proceeds of the sale of a residential property. These consisted of an email from the client's email address and with the address of the property in the Subject line ("Sale of [Number] [Street address] [City]").
The email began with a greeting to the lawyer, followed by one of the phrases commonly used by email fraudsters: "A good morning to you...". It then asked the lawyer to confirm the settlement would take place on the scheduled date, and asked for the proceeds to be transferred to the client's account in England "because we are currently negotiating the purchase of a property over there").
The client did not have an English bank account and was not purchasing a property there. A subsequent email from the fraudsters - still posing as the client - contained a bank statement from a United Kingdom bank, with details of the account number plus a list of transactions over the past six months.
The fraud was detected when a sharp-eyed member of the law firm discovered the name of the client on the statement was in a different font and typeface to the rest of the address.
The Law Society strongly recommends to all lawyers that they confirm emailed instructions either by phone or face-to-face. Responding by email will not work as the email will be received by the hackers.