Based on your report it looks like you may have been affected by a Whaling or Business Email Compromise Scam. Take a look at the information below for advice on what steps you should take to stay safe.
HOW THIS SCAM WORKS AND WHAT IT LOOKS LIKE:
There are two main variations of this scam. With the most common variation, scammers impersonate a manager or client who has the authority to request transactions and will ask for urgent processing whilst urging discretion. They can do this by using similarly spelt email addresses or one that you might mistake as belonging to another staff member. This is a type of phishing scam and when it targets the leadership of an organization it is called Whaling. These scams can include asking for money as well as sensitive information.
The other variation of this scam can include the scammers compromising the email account of a client or manager and using it to ask for money or sensitive information to be sent to them. This might be sent in the form of a fake invoice. This is called Business Email Compromise.
With both methods the scammers can ask for money to be deposited into a bank account, or for codes from electronic gift cards to be sent to them.
WHAT TO DO IF YOU’VE RECEIVED THIS SCAM FROM A SIMILARLY SPELT EMAIL ADDRESS:
- Block the scammers email address. A good way to do this is to mark the email as Junk Mail/Spam. If you have an IT or Email administrator, you can ask them to add this email address to the list of Blocked Senders.
- Notify your colleagues and business partners. If you’ve received a scam email that impersonated you, a colleague or business partner it’s likely that you’re not alone and other people may have received the same email. You can consider sending a message to your co-workers and business partners to warn them about this scam and to ask that they block all contact from the scammers email address.
WHAT TO DO IF YOU’VE RECEIVED THIS SCAM FROM A COMPROMISED EMAIL ACCOUNT:
- Immediately re-secure the compromised account. The first step in re-securing an account is to have the password reset. If you have an IT or Email administrator, they will be able to help you with this.
- Add extra security to the account. Once you’ve regained access to the account you can use security features like Two Factor Authentication, Two Step Verification or Login Approvals to stop this from happening again. This can involve using an App or phone number to receive a unique code that will need to be submitted along with the password whenever a new device attempts to access the account.
IF YOU’VE LOST MONEY TO THIS SCAM:
These attacks are difficult to trace as there are a number of anonymizing tools and techniques that can be used, and emails generally don’t contain reliable location information. It may be possible to perform a private digital forensic investigation, but due to the costliness of investigation we recommend that you speak with a lawyer first if there has been a significant loss.
If you have the bank account information for the account the scammers were attempting to use you can report this incident to your own bank. In some situations, banks can mark an account with a Suspicious Transaction Report (STR) which can allow law enforcement to follow up. There is no guarantee that this will be possible with your particular situation, there are some criteria the bank will need to check first, but this is often the best avenue to submit a formal complaint about the incident.
WHAT TO DO IF YOU’VE PAID MONEY USING A GIFT CARD:
Scammers can ask for payment in the form of electronic gift cards like the ones from Apple iTunes, Google Play or Valves Steam service.
Our advice is to consider reporting this to the retailer they were purchased from. Netsafe isn't able to give you any guarantees as to what they may or may not be able to do but it is worthwhile speaking with them about what has happened.
It’s also worthwhile letting the gift card company know about what’s happened. You can find their information pages about this below:
PROTECTING OUR ORGANISATION FROM THIS SCAM:
It’s a good idea to review your finance processes to make sure you’re best protected against whaling and business email compromise scams. We recommend verifying payment requests through a different communication channel. For example, if you receive a request for payment via email, verify it by confirming the details by phone call or text message.
Another way to protect against these attacks is by authenticating the sender of emails, known as PGP and/or PGP signatures. We advise that you discuss this option with an IT security specialist. A simpler solution is to introduce a policy to verify the email request, such as a follow-up phone call or text.
You can find more information about how to protect your organization from this type of scam from the CERT NZ. You can find this information here.
You can subscribe to our monthly newsletter at netsafe.org.nz/newsletter or follow ‘NetsafeNZ’ on Facebook, Twitter, Instagram to keep up with the latest in online safety news, advice and tips.
Keywords: Whaling, business email compromise, boss, manager, client, cards, bank account, balance, bank, transaction, gift cards, gift card, director, executive, CEO