The New Zealand Law Society is warning law firms to watch out for an attempted email fraud which uses a fake internal email purporting to be from one of the lawyers in a firm.
While details vary slightly, the fraud sends an email using the name and email address of a lawyer - usually a partner or director or senior manager - to another firm employee asking for an international payment to be made.
In one attempt, the fake email from a partner to a firm accountant instructed payment of a large sum of money to a Chinese bank account.
The North Island firm detected the fraud and its IT support was able to identify the original sender of the emails as email@example.com. It appears that the sender had changed their display name to mimic the email address of the lawyer purportedly sending the email.
The firm has blocked the email address to prevent any further emails and suggests that other New Zealand law firms could also block the address.
In another attempt, an employee of another North Island law firm received an email which appeared to come from another firm employee. Its format was as follows [exact wording]:
"From: [email address of employee A]
To: [email address of employee B]
Subject: Request for October 21, 2015
Hi [First name of employee B]
Please I'll need you make a Local and International wire transfer for me today. Can you make this happen right away, What will be needed to complete the transfer request?
[First name of employee A].
Sent from my iPhone"
The New Zealand Law Society advises lawyers that verification of all emailed instructions is very important.