New Zealand law firms have been warned to beware of fake internal emails which request urgent payment of an invoice to a foreign bank account.
The New Zealand Law Society has released details of an actual scam which was detected by a New Zealand law firm where emails were purportedly sent by one firm member to another.
The scammers sought a payment of $150,000 to a Hong Kong bank. One tell-tale sign was the use of a gmail account..
The names of law firm staff (Ron Ronaldson and Hilda Ogden) are not actual names. However, details of the fraudsters are as disclosed in the emails.
First email
From: Ron Ronaldson [mailto:fereashsweis@gmail.com]
To: Hilda Ogden
Subject: Wire Payment
Hi Hilda
Are you in the office? I need you to take care of an invoice payment today. I'm very busy, Email me
Thanks,
Ron Ronaldson [with genuine designation and contact details]
Second email
[Email from Hilda Ogden in reply]: Yes am here at office. Send me invoice and I will pay straight away.
Third email
[Email from Ron Ronaldson in reply - this email was not sent by the real Ron Ronaldson and had the email address fereashsweis@gmail.com]
Will you please pay the attached invoice via wire today. The bank information for a wire transfer is included in the invoice which I have copied and pasted in the body of this email as well. The balance due is $150,000.00 ...I'll be in a conference meeting until 5pm today. Confirm the receipt of this email and forward the confirmation slip to this email string for my records once done.
Beneficiary Name: SHIV DIAMOND
Address: 1007, 11/F, 4 Hok Yuen Street east, Hung Hom, Kowloon, Hong Kong
Bank Name: Standard Chartered Bank (Hong Kong) Ltd
Account Number: 571-10160638
Thanks
Ron Ronaldson [with genuine designation and contact details]
Fourth email
After the fraud was detected and no payment was made, the following email was sent:
From: Ron Ronaldson [mailto:fereashsweis@gmail.com]
To: Hilda Ogden
Subject: Re: Wire Payment
Did you receive the invoice?
The New Zealand Law Society strongly advises lawyers and law firm staff who receive emailed instructions from anyone, to confirm the instruction by a means other than email.