Whaling, a take on the term 'phishing' targets high-level executives, using email addresses similar to employee addresses, to make it appear as though they're requesting the funds.

Whaling is now a very common type of scam, and it is important to be aware, to detect this type of scam at an accounts payable function level and to prevent it from happening.

Whaling: What to look for

  • If you are being asked to urgently transfer funds by email or other electronic means, be wary even if the email address appears legitimate. It is best to check with the purported sender in person or over the phone to ensure the transaction is legitimate.

  • In four of the five cases reported to Internal Affairs, the companies' staff names and positions were freely available on their website. While this information assists your customers in knowing how to contact you, be aware that it also makes it very easy for scammers to know which staff to target for whaling attacks.

  • If you have received an electronic message which you believe may be an attempt at a whaling attack, report it to Internal Affairs by forwarding it to[email protected].

  • However, if you have transferred funds as a result of a whaling attack, immediately contact your bank and inform them of the situation. The fraudulent transaction should also be reported to the New Zealand Police.

Please be in touch with your RSM contact to have a discussion about how your accounts payable function can prevent and detect this type of scam.