An email "whaling" scam targeting high-level executives conned the New Zealand Pony Club out of thousands of dollars and fooled a handful of other businesses.
A volunteer at one of the Pony Club's regional branches was tricked into transferring more than $4000 into a stranger's bank account after being targeted by scammers posing as the organisation's president.
The phishing scam was reported to the Department of Internal Affairs five times this month but the department said they were aware of earlier instances.
Emails which appeared to be from a company or organisation's CEO or managing director were sent to the CFO, senior accountant or similar urgently requesting a funds transfer.
The DIA said the amounts asked for varied but reports sent to Internal Affairs showed transfer requests ranging from $24,500 to $89,400.
In most of the reported cases the CFO or accountant became suspicious before the funds were actually transferred.
NZ Pony Club manager Samantha Jones said at the end of last week a branch treasurer was sent a series of emails from someone who appeared to be the organisation's president.
She did not want to name the branch or the treasurer, who was a volunteer for the organisation.
"They very cleverly over the course of a few days emailed the treasurer, who was a fairly new treasurer, firstly asking for information about banking and daily dealings."
They then progressed to asking for a payment which they claimed was urgent.
"In this situation it was somebody just trying to do the best job they could as a volunteer," Jones said.
"She put a lot of effort into doing her job properly."
The ruse was discovered when the treasurer emailed a receipt of the transaction to the Pony Club's actual president, who responded saying that was the first they had heard of the situation.
The Pony Club's bank, ANZ, managed to recover the money and Jones said the incident had prompted management to remind their volunteers to have more than one signatory on any financial transaction.
The club branch had taken the matter to police who said they would need to return with paperwork from the bank before laying a complaint.
The DIA warned people to be wary of anyone asking for urgent funds and to try to confirm things with the purported sender over the phone or in person before going ahead with the transaction.
Possible red flags the DIA asked people to look out for include:
• The email correspondence generally begins with a simple email query from the "CEO" to the CFO asking if they're available, before progressing to request an urgent funds transfer.
• The emails often state that they have been sent from an iPhone, iPad or similar. This may be an attempt to distract the recipient from the fact that the CEO's normal email signature is not featured in the message.
• The spoofed email address domain of the "CEO" may be slightly different than it should be; for example it may end in ".biz" rather than ".co.nz". However, be aware that the address may also appear identical to the legitimate email address.
• The subject line of the email message is simply "Urgent" or "Request".
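For mail administrators, the red flags above can be turned into a simple triage check on incoming messages. The following is an added example, not DIA or Pony Club code; the domain `example.co.nz`, the flag names and the three sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.co.nz"  # assumption: the organisation's real mail domain
MOBILE_SIG = re.compile(r"sent from my (iphone|ipad)", re.I)
AVAILABLE = re.compile(r"\bare you available\b", re.I)
TRANSFER = re.compile(r"\b(funds? transfer|payment)\b", re.I)

def red_flags(raw):
    """Return the names of the DIA red flags present in one raw message."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # constructed samples are single-part plain text
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    flags = []
    if msg.get("Subject", "").strip().lower() in {"urgent", "request"}:
        flags.append("subject")
    # Same leading label but a different suffix (".biz" instead of ".co.nz").
    if domain != ORG_DOMAIN and domain.split(".")[0] == ORG_DOMAIN.split(".")[0]:
        flags.append("lookalike_domain")
    if MOBILE_SIG.search(body):
        flags.append("mobile_signature")
    if AVAILABLE.search(body):
        flags.append("availability_probe")
    if TRANSFER.search(body) and re.search(r"\burgent", body, re.I):
        flags.append("urgent_transfer")
    return flags

# Constructed sample messages (not taken from the reported incidents).
OPENER = ("From: Chief Executive <ceo@example.biz>\nTo: cfo@example.co.nz\n"
          "Subject: Request\n\nAre you available?\n\nSent from my iPhone\n")
# From address identical to the real one: the domain check stays silent.
TRANSFER_REQ = ("From: Chief Executive <ceo@example.co.nz>\n"
                "To: cfo@example.co.nz\nSubject: Urgent\n\n"
                "I need an urgent funds transfer completed today.\n\n"
                "Sent from my iPad\n")
BENIGN = ("From: Chief Executive <ceo@example.co.nz>\n"
          "Subject: Board agenda for Thursday\n\nAgenda attached.\n\n"
          "Regards,\nChief Executive\n")

if __name__ == "__main__":
    for name, raw in [("opener", OPENER), ("transfer", TRANSFER_REQ),
                      ("benign", BENIGN)]:
        print(name, red_flags(raw))
```

Because the sender address may appear identical to the legitimate one, an empty result does not clear a message; the DIA's advice to confirm by phone or in person still applies.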