RSM New Zealand

Fraud | Financial Whaling Scam

Whaling, a take on the term 'phishing' targets high-level executives, using email addresses similar to employee addresses, to make it appear as though they're requesting the funds.

Whaling is now a very common type of scam, and it is important to be aware, to detect this type of scam at an accounts payable function level and to prevent it from happening.

Whaling: What to look for

  • If you are being asked to urgently transfer funds by email or other electronic means, be wary even if the email address appears legitimate. It is best to check with the purported sender in person or over the phone to ensure the transaction is legitimate.

  • In four of the five cases reported to Internal Affairs, the companies' staff names and positions were freely available on their website. While this information assists your customers in knowing how to contact you, be aware that it also makes it very easy for scammers to know which staff to target for whaling attacks.

  • If you have received an electronic message which you believe may be an attempt at a whaling attack, report it to Internal Affairs by forwarding it toscam@reportspam.co.nz.

  • However, if you have transferred funds as a result of a whaling attack, immediately contact your bank and inform them of the situation. The fraudulent transaction should also be reported to the New Zealand Police.

Please be in touch with your RSM contact to have a discussion about how your accounts payable function can prevent and detect this type of scam.

Would you like to discuss this topic further?

Please email us to submit a question or click on the author below to directly discuss this article

CONTACT us

Authors

Brendon Foy
Associate Director - Audit - Auckland Central