The Department of Internal Affairs

Te Tari Taiwhenua | Department of Internal Affairs

Building a safe, prosperous and respected nation


DIA warning about targeted email scam

9 September 2015

Internal Affairs is warning people to be aware of a targeted email attack, also known as “whaling”, that could cause significant financial losses to New Zealand companies.

“Whaling” is a type of phishing scam which targets high level executives. Since the beginning of September, five companies have reported to Internal Affairs that they have recently experienced this type of attack, although the Department is aware of earlier campaigns.

The email addresses are spoofed to appear as though the messages are being sent from a company’s Chief Executive Officer, Managing Director, or similar, and are sent to the Chief Financial Officer, Senior Accountant or similar, urgently requesting a funds transfer. The amount of money to be transferred appears to vary across companies, and the reports sent to Internal Affairs show transfer requests ranging from $24,500 to $89,400. In most of the reported cases the CFO or Accountant has become suspicious before the funds were actually transferred.

Red flags which may indicate a whaling attack:

· The email correspondence generally begins with a simple email query from the “CEO” to the CFO asking if they’re available, before progressing to request an urgent funds transfer.
· The emails often state that they have been sent from an iPhone, iPad or similar. This may be an attempt to distract the recipient from the fact that the CEO’s normal email signature is not featured in the message.
· The spoofed email address domain of the “CEO” may be slightly different than it should be; for example it may end in “.biz” rather than “”. However, be aware that the address may also appear identical to the legitimate email address.
· The subject line of the email message is simply “Urgent” or “Request”.


· If you are being asked to urgently transfer funds by email or other electronic means, be wary, even if the email address appears legitimate. It is best to check with the purported sender in person or over the phone to ensure the transaction is legitimate.
· In four of the five cases reported to Internal Affairs, the companies’ staff names and positions were freely available on their website. Whilst this information assists your customers in knowing how to contact you, be aware that it also makes it very easy for scammers to know which staff to target for whaling attacks.
· If you have received an electronic message which you believe may be an attempt at a whaling attack, report it to Internal Affairs by forwarding it to
· However, if you have transferred funds as a result of a whaling attack, immediately contact your bank and inform them of the situation. The fraudulent transaction should also be reported to the New Zealand Police.