A local orienteering club has reported that it recently (Thursday 16 Aug 2018) received a targeted email scam attempt. The attempt was not successful and the club has reported it to Netsafe and ONZ.
The scammers set up a Gmail account made to look like the club president's, using the club president's name, from which they emailed the club secretary requesting that the club make a payment of $1,737 to ‘one of our suppliers who is currently in Australia’. There appeared to be considerable urgency.
“I’m very new to the secretary role, and when I phoned the president during the day to enquire, she texted back to say that she was busy in meetings all day. I mention this to illustrate that in terms of a hectic workday context combined with volunteer officers who are trying to do their best to help clubs, the scam was very timely and sophisticated!” – club secretary
The club noted the scammers may have got the information to target them from the club contacts page of the Orienteering New Zealand website, and reported it to alert other clubs.
There are many different variations of email, text, and phone scams, and it’s best to keep yourself informed to protect yourself.
Netsafe reported that this kind of incident is referred to as ‘whaling’, which is when scammers target individuals who work with finance in an organisation in an attempt to elicit funds into a third-party account.
The scammers do this by impersonating a manager or client who has the authority to request transactions, and will ask for urgent processing whilst urging discretion. The scammers will put effort into making the email look authentic, including manipulating what you see as a sender address (also known as ‘spoofing’).
A giveaway of a spoofed email is that when you click ‘reply’, the email address you’re replying to will be different to the one the email appeared to be sent from initially. For example, the email will appear to be sent from email@example.com, but when you click reply it changes to firstname.lastname@example.org.
If the scammers are more sophisticated, they may use an email address with a subtle misspelling of the company name. For example:
@yourconnpanyname.com, instead of
These scams are difficult to trace as scammers use anonymising software/techniques, making tracking near impossible. Emails generally do not contain location information.
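The giveaways described above (a reply address that differs from the sender, an officer's name on an outside address, a subtly misspelled domain) can be checked from a message's headers. The Python sketch below is an added example, not part of the original article or of Netsafe's advice; the domain summitclub.example, the officer name and the sample messages are constructed assumptions.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration: the club's real domain and its officers' names.
TRUSTED_DOMAIN = "summitclub.example"
OFFICERS = {"jane doe"}

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def is_lookalike(domain, trusted=TRUSTED_DOMAIN, threshold=0.85):
    """True for a near-miss of the trusted domain, such as 'm' typed as 'nn'."""
    return domain != trusted and SequenceMatcher(None, domain, trusted).ratio() >= threshold

def check_message(raw):
    """Return the warning flags raised by one raw message's headers."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    flags = []
    # Giveaway 1: replies would go somewhere other than the apparent sender.
    if reply_addr and reply_addr.lower() != from_addr.lower():
        flags.append("reply-to-mismatch")
    # Giveaway 2: an officer's name on an address outside the club's domain.
    if name.strip().lower() in OFFICERS and domain_of(from_addr) != TRUSTED_DOMAIN:
        flags.append("officer-name-external-address")
    # Giveaway 3: a domain that is a subtle misspelling of the real one.
    if any(is_lookalike(domain_of(a)) for a in (from_addr, reply_addr) if a):
        flags.append("lookalike-domain")
    return flags

# Constructed sample headers (not taken from the incident).
SAMPLES = {
    "genuine": 'From: "Jane Doe" <jane.doe@summitclub.example>\nSubject: Minutes\n\nHi',
    "reply_to": 'From: "Jane Doe" <jane.doe@summitclub.example>\n'
                'Reply-To: <payments@mailbox.example>\nSubject: Urgent payment\n\nHi',
    "webmail": 'From: "Jane Doe" <jane.doe.president@gmail.com>\nSubject: Urgent payment\n\nHi',
    "lookalike": 'From: "Accounts" <accounts@sunnmitclub.example>\nSubject: Invoice\n\nHi',
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_message(raw))
```

A flag is a prompt to verify the request through another channel, not proof of fraud: an officer writing from a personal address would also raise the second flag.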
It’s a good idea to review your finance processes to make sure you’re best protected against whaling. [NetSafe] recommend verifying payment requests through a different communication channel. For example, if you receive a request for payment via email, verify it by confirming the details by phone call or text message.
Find more information about this scam at https://www.netsafe.org.nz/identifying-and-preventing-business-email-compromise/
If you have the bank account number the scammers were attempting to use you can report the incident to your bank.
Netsafe encourages people to report incidents. Reports like the club’s help them to identify emerging patterns, so that they can keep New Zealand internet users informed about scams and the ways they can protect themselves.