Wellington Law Firms fall for ANZ Scams

$2m Stolen as Wellington Law Firms Fall For ANZ Scams

Hot Security Topics
March 27, 20252 min read

Wellington Law Firms Targeted in $2 Million ANZ Impersonation Scams

Wellington's legal community has been significantly impacted by a sophisticated impersonation scam, resulting in losses exceeding $2 million. This incident underscores the increasing vulnerability of professional sectors to advanced cybercrime.

Scam Methodology: Exploiting Trust and Technical Vulnerabilities

The perpetrators of this scam impersonated ANZ bank representatives, specifically from the Fraud team or general bank staff. They initiated contact with law firms, claiming to have detected unusual transactional activity. The scammers demonstrated a level of prior knowledge of banking information, likely acquired through phishing operations.

  • Initial Contact: Scammers posed as legitimate ANZ bank personnel.

  • Information Gathering: Prior banking details were used to establish credibility.

  • Remote Access: Victims were manipulated into granting remote computer access.

  • Authentication Compromise: Authentication codes were obtained under false pretenses.

  • Fund Diversion: Funds were rapidly transferred to offshore accounts.

Victims, acting under the belief that they were securing their accounts, were deceived into providing remote access and authentication credentials. This resulted in the unauthorized transfer of substantial funds.

The total reported losses exceed $2 million. NZME investigations revealed that the scammer's phone number was initially misrepresented as being linked to ANZ's business banking, a claim subsequently refuted by the bank.

Escalating Threat: Impersonation Scams and Cybersecurity Concerns

ANZ has acknowledged a notable increase in impersonation scams and has issued a public warning. The bank reiterated that it will never request sensitive information, such as passwords, PINs, or security codes, nor will it solicit remote access or fund transfers to "safe" accounts.

  • ANZ Warning: Customers are advised to be vigilant against requests for sensitive data.

  • Cybersecurity Advisory: The National Cyber Security Centre has issued alerts regarding email compromises and fraudulent invoices.

The National Cyber Security Centre has previously cautioned law firms about the heightened risk of email compromises and fraudulent invoices, given the large financial transactions they handle. The New Zealand Law Society has acknowledged awareness of the scams but refrained from disclosing specific loss figures, advising lawyers to contact their respective banks and insurers. It was also clarified that the Law Society’s fidelity fund does not cover losses resulting from negligence.

Police confirm that they are actively investigating multiple formal complaints related to this scam, with evidence indicating that the misappropriated funds have been transferred to overseas accounts.

Recommendations and Vigilance

This incident serves as a critical reminder of the evolving sophistication of cybercrime and the necessity for heightened vigilance. Professionals are strongly advised to exercise extreme caution when responding to unsolicited communications, particularly those involving financial transactions.

Back to Blog
secureaz awareness training australia

Give us a call or fill out our quote form and one of our friendly team will be in contact with you ASAP.

Contact Us

Mon-Fri: 8AM-6PM

PH: 0800 001 136

© 2024 SecureAZ Limited - All Rights Reserved.