When does a phishing scam get upgraded to whaling?
The organisation that represents the major banks in New Zealand has just been the target of a 'whaling' attack.
Whaling is the term used when scammers attack the big 'phish', like company CEOs.
New Zealand Bankers' Association (NZBA) chief executive Karen Scott-Howman says her email was faked in an effort to get money.
The email sent in an attempt to scam the bankers (supplied)
The email is supposedly from Ms Scott-Howman asking staff to "get a payment out for me today since Trevor is still away".
Trevor Phua is the finance manager for the NZBA, and the scammers had discovered he was away when the email was sent.
"However, when you looked carefully there were a number of classic whaling hallmarks, including poor grammar and spelling. Whoever sent the email had also done their homework," said Ms Scott-Howman.
"They mentioned the name of our finance manager and that he was on holiday to try to create urgency and authenticity."
The scam email was also from an unrecognised 'protonmail.com' address.
The NZBA is using the attempt to remind businesses that scammers put a lot of effort into making emails look authentic, by using logos or personal information.
It's put out the following advice to help guard against whaling.
Internet watchdog Netsafe says whaling scams are a real problem. While the numbers reported are reasonably low, the average loss tends to be high because of the nature of the targets.
Director Martin Cocker says in the first quarter of this year his organisation had more than half a million dollars in whaling losses reported to them. He says as most businesses keep losses quiet, it's probably the tip of the iceberg.