Fire Service one of many conned by 'whaling'

Fire Service one of many conned by 'whaling'

Newshub has learned of a new form of cyber-attack that's costing New Zealand businesses hundreds of thousands of dollars.

It's known as "whaling" and it involves a sophisticated impersonation of chief executives.

The Fire Service knows about it all too well, after internet fraudsters conned it out of $52,000 by impersonating its national commander, Paul Baxter.

Commander Baxter admitted the con was a real blow to him and the team.

"Unfortunately this time around we are really disappointed that we succumbed to that and parted with some of our money," he said.

The fraudsters faked an email from Commander Baxter, asking for the $52,000 and a senior Fire Service staff member followed orders.

The money went into a bank account in Turkey -- and was gone.

"It looks like we'll never be able to recover it. It was withdrawn from the account the day after it was transferred," he said.

"These people -- they know what they are doing. They work on it quickly, they get the cash out and they move onto the next person."

"Whaling attacks" are on the rise in New Zealand Government departments and businesses.

NetSafe says in 2015 there were 12 successful whaling attacks which totalled $497,000. In January this year, 3 more were hit costing a further $250,000.

NetSafe chief executive Martin Cocker says the whole system is technically complicated. The criminals get to know the businesses they are targeting and then use that to get money sent.

Government officials showed Newshub a whaling attack on a chief executive just last week -- which included a complete forgery of the email signature.

The National Cyber Security Centre, an offshoot of the spy Agencies, is involved, and it confirmed it had investigated six cases.

Prime Minister John Key says a spy agency cyber-protection called "Cortex" will be expanded to help.

But whaling is essentially a simple scam and victims like Mr Baxter admit there is a simple prevention too.

"If it smells like a rat, if it looks like a rat -- then it is probably a rat."

"Whaling" is a simple but clearly quite effective cyber crime. Some very senior finance controllers in this country have been conned -- because they haven't wanted to query an emailed order from their boss.