LEGALAUDIT

Scam Watch

Come riconoscere BEC against NZ professional services — invoice substitution?

In breve

CERT NZ reports BEC in 2024 cost NZ businesses NZ$13M+, predominantly law / accounting / property firms whose clients receive a 'change of trust account' email mid conveyance. Indicators: M365 mailbox compromised via consent phishing,...

Come funziona

CERT NZ reports BEC in 2024 cost NZ businesses NZ$13M+, predominantly law / accounting / property firms whose clients receive a 'change of trust account' email mid conveyance. Indicators: M365 mailbox compromised via consent phishing,...

Indicatori rossi

  • Pressione urgente a cliccare, pagare o condividere codici subito.
  • Link o mittente che non corrispondono all'organizzazione ufficiale.
  • Richiesta di carta, password, OTP, firma wallet o bonifico.

Cosa fare

  1. 1CERT NZ reports BEC in 2024 cost NZ businesses NZ$13M+, predominantly law / accounting / property firms whose clients receive a 'change of trust account' email mid conveyance.
  2. 2WHAT TO DO: enforce CERT NZ's Critical Controls 2024 (MFA, hardware tokens for legal/accounting), publish 'we never change bank details by email' on engagement letters, callback verification.
  3. 3IF VICTIM: notify bank (NZ Faster Payments allow same day recall window), file CERT NZ report, audit M365 audit log for sign ins from foreign IPs, notify Law Society / NZICA, comply with Privacy Act 2020 breach notification within 72h.

Fonte

CERT-NZ

Fonte verificata da Mythos Forensic Team

https://www.cert.govt.nz/individuals/common-threats/scams-and-fraud/business-email-compromise/

FAQ

BEC against NZ professional services — invoice substitution e una truffa reale?

Si. Tratta messaggi, chiamate o richieste di pagamento come sospette finche non le verifichi da un canale ufficiale.

Quali sono i primi segnali?

Pressione urgente a cliccare, pagare o condividere codici subito.; Link o mittente che non corrispondono all'organizzazione ufficiale.; Richiesta di carta, password, OTP, firma wallet o bonifico.

Cosa devo fare subito?

CERT NZ reports BEC in 2024 cost NZ businesses NZ$13M+, predominantly law / accounting / property firms whose clients receive a 'change of trust account' email mid conveyance.; WHAT TO DO: enforce CERT NZ's Critical Controls 2024 (MFA, hardware tokens for legal/accounting), publish 'we never change bank details by email' on engagement letters, callback verification.; IF VICTIM: notify bank (NZ Faster Payments allow same day recall window), file CERT NZ report, audit M365 audit log for sign ins from foreign IPs, notify Law Society / NZICA, comply with Privacy Act 2020 breach notification within 72h.

LegalAudit puo controllare il mio caso?

Si. Apri la chat gratis e incolla messaggio, link, mittente o dati di pagamento per un triage.