TLDR
CERT NZ reports BEC in 2024 cost NZ businesses NZ$13M+, predominantly law / accounting / property firms whose clients receive a 'change of trust account' email mid conveyance. Indicators: M365 mailbox compromised via consent phishing,...
Como funciona
CERT NZ reports BEC in 2024 cost NZ businesses NZ$13M+, predominantly law / accounting / property firms whose clients receive a 'change of trust account' email mid conveyance. Indicators: M365 mailbox compromised via consent phishing,...
Señales de alerta
- Presion urgente para hacer clic, pagar o compartir codigos de inmediato.
- Enlace o remitente que no coincide con la organizacion oficial.
- Solicitud de tarjeta, contrasena, OTP, firma de wallet o transferencia.
Qué hacer
- 1CERT NZ reports BEC in 2024 cost NZ businesses NZ$13M+, predominantly law / accounting / property firms whose clients receive a 'change of trust account' email mid conveyance.
- 2WHAT TO DO: enforce CERT NZ's Critical Controls 2024 (MFA, hardware tokens for legal/accounting), publish 'we never change bank details by email' on engagement letters, callback verification.
- 3IF VICTIM: notify bank (NZ Faster Payments allow same day recall window), file CERT NZ report, audit M365 audit log for sign ins from foreign IPs, notify Law Society / NZICA, comply with Privacy Act 2020 breach notification within 72h.
Fuente
CERT-NZ
Fuente verificada por Mythos Forensic Team
https://www.cert.govt.nz/individuals/common-threats/scams-and-fraud/business-email-compromise/FAQ
Es BEC against NZ professional services — invoice substitution una estafa real?
Si. Trata el mensaje, la llamada o la solicitud de pago como sospechosos hasta que los verifiques por un canal oficial.
Cuales son las primeras senales?
Presion urgente para hacer clic, pagar o compartir codigos de inmediato.; Enlace o remitente que no coincide con la organizacion oficial.; Solicitud de tarjeta, contrasena, OTP, firma de wallet o transferencia.
Que debo hacer primero?
CERT NZ reports BEC in 2024 cost NZ businesses NZ$13M+, predominantly law / accounting / property firms whose clients receive a 'change of trust account' email mid conveyance.; WHAT TO DO: enforce CERT NZ's Critical Controls 2024 (MFA, hardware tokens for legal/accounting), publish 'we never change bank details by email' on engagement letters, callback verification.; IF VICTIM: notify bank (NZ Faster Payments allow same day recall window), file CERT NZ report, audit M365 audit log for sign ins from foreign IPs, notify Law Society / NZICA, comply with Privacy Act 2020 breach notification within 72h.
Puede LegalAudit revisar mi caso?
Si. Abre el chat gratis y pega el mensaje, el enlace, el remitente o los datos de pago para un triage.