Media Release
23 August 2016
NZBA warns against email whaling scams
The New Zealand Bankers’ Association (NZBA) warns that anyone can be the target of an email whaling scam.
Following a fake email purportedly sent by NZBA’s chief executive to a colleague, it was thanks to training and
attention to detail that the scammer was foiled. NZBA, whose work includes educating consumers on fraud prevention,
believes the incident shows that any organisation can be the target of scammers.
“This attempt has reminded us that no organisation or individual is immune to whaling,” said New Zealand Bankers’
Association chief executive Karen Scott-Howman.
“A colleague noticed a suspicious email that looked like it was sent by me demanding an urgent payment. However, when
you looked carefully there were a number of classic whaling hallmarks including poor grammar and spelling. Whoever sent
the email had also done their homework – they mentioned the name of our finance manager and that he was on holiday to try
to create urgency and authenticity.
“Cybercriminals have become quite sophisticated, and people could easily fall victim to a whaling or bank email scam if
they are not vigilant in making the appropriate checks before acting on an email.”
The people behind whaling scams put a lot of effort into creating emails that look authentic by using logos or personal
information to make their request appear legitimate. NZBA says that educating all staff on these types of scams, and
training them to pay careful attention to detail and to follow processes makes it difficult for scammers to succeed.
“We all have a role to play to help protect ourselves from financial crime. We are grateful that this failed scammer
provided us the opportunity to remind New Zealanders what to look out for,” said Scott-Howman.
Follow these tips to help avoid whaling scams
• Spam emails are often disguised to look legitimate. If it doesn’t seem right or looks odd, take your time and take
care to double check first before handing over personal information, clicking on links or replying. It’s always a good
idea to check the email address against one you know to be legitimate and to type in a full web address.
• Ensure all staff are trained to recognise suspicious emails and follow processes when handling payments or other
requests.
• Make sure your organisation has robust internal processes for authorising payments such as two-factor authentication
or face-to-face verification.
• Don’t reply to, click on any links, or open any files in spam emails or text messages. Don’t call any numbers in spam
emails or text messages.
• Never share your bank account login details, cards, PINs or passwords with anyone – not in person, online, over the
phone, or in emails or texts. Your bank will never ask you for this information.
ENDS
Whaling email sent to NZBA