The couple almost lost $270,000 to cyber criminals pretending to be their lawyer
A cyber attack on Cambridge firm Truman Wee & Associates almost resulted in a Waikato-based couple losing $270,000, reported the NZ Herald.
The UK-based scammers infiltrated the email account of practice manager Shaz vanHaaren and initiated an email conversation with the couple over their million-dollar property purchase in December. The couple had brought in TW Associates to handle the conveyancing process.
The scammers asked the couple for details about their intended bank loan in an email that included an earlier email chain with the original purchase contract attached. The couple provided the requested information; on 6 January, the scammers sent them an invoice containing trust account details and a request for a $270,000 payment.
While the couple thought it unusual that the firm would ask to be paid two weeks before the settlement date, they decided to comply with the request. An ANZ teller became suspicious of the law firm’s communications after noting that the trust account provided was an international money transfer account “facilitated” by ANZ.
The couple contacted vanHaaren, who was out of the country on vacation. vanHaaren told the couple she did not send the invoice and confirmed that the email had been hacked. The couple reported the incident to police and Cert NZ.
The account was deactivated, but not before police noted that $250,000 had already been transferred into it from a different transaction.
“That same bank account has been used in a couple of other, similar fraud offences that were successful. The trail on those offences leads to an overseas account”, the police wrote in the email snippet published by the Herald. “Inquiries into one of the three instances led overseas, which unfortunately left police with few further lines of inquiry to take, given the complexities of such matters”.
In a statement to the Herald, vanHaaren said that the hack’s digital footprints had been deleted from her sent and deleted folders; thus, the fraudulent communications were almost undetectable. She confirmed that TW Associates’ IT staff had reset required passcodes.
While the firm believed that no other clients had been victimised, it conceded that it could not be certain.
National Cyber Security Centre (NCSC) Threat and Incident Response Team lead Tom Roberts praised the couple for how they handled the situation: verifying the request with the bank and the firm, and then reporting the incident. He encouraged organisations to discuss phishing risks with their employees and customers.