Rotorua Lakes Council is urging the public to be extra vigilant when checking emails following reports of convincing 'phishing' emails.
The council has become the victim of a phishing attack targeting staff and compromising a number of email accounts.
This was enabling a third party access to information to then further target council staff, customers and suppliers.
A 'phishing' scam was an email from a third party that pretends to be a legitimate organisation in order to gain personal information from a large audience.
The council did not know the extent of the external spread of the phishing emails but was working to determine the internal exposure and block all instances of phishing within the organisation.
They were aware that some external contacts had received phishing emails that claimed to be from the organisation's accounts department.
From reports, these emails targeting the council's customers and suppliers were very convincing and ask the recipient to click on an unspecified link.
Chief executive Geoff Williams said the council was dealing with the attack internally and taking every measure available to ensure it did not happen again.
"This type of attack is an increasing issue for organisations, especially given the virtual environment we find ourselves working in at the moment."
With dog registrations and rates information being sent out to the community in the coming weeks, the council wants to remind everyone to be extra vigilant when checking their inboxes.
A key way to be sure about an email was to check the senders email address and the subject line. In the reported cases, the sender's email addresses had not looked like normal council addresses.
The sender also often said that the action they needed was urgent, requests for a financial transaction and not specifying where the link is leading someone.
If unsure about an email that you have received, please forward the email to firstname.lastname@example.org.
What is a phishing scam?
Phishing is when someone tries to get personal information (like bank account numbers and passwords), from a large audience, so they can use it to impersonate or defraud people. These emails can look very real, and some will even use the branding and logos of a legitimate organisation to make the email seem genuine.
How does phishing work?
Phishing attempts often look or sound genuine because the scammer is impersonating a trusted organisation or person. They could be pretending to be from your phone or internet company, a law firm, your bank or even the government. The scammer asks you to update your details, provide details, complete a survey, make a payment or another request that gives them access to your personal information.
Are phishing emails obvious?
The short answer is no. Some phishing attempts look obvious, while others don't. Phishing scams are becoming more difficult to spot as scammers become more sophisticated.
How can I protect myself?
Be cautious about emails asking you to update or verify your details online
Be cautious of emails saying you've won prizes from competitions that you don't remember entering
Be cautious of emails that try to get you to act quickly by threatening you with legal action or loss of an account
Ignore any emails asking you to provide personal information like passwords, or banking information
Remember legitimate organisations like banks will never ask you to send them your password