Chief executives are being impersonated in scams encouraging people to fall for what appear to be urgent requests.
Scammers on phishing expeditions or trawling through public databases are behind the sometimes crude, sometimes more sophisticated scams.
“I will need few couple of minutes with you on an urgent task at the moment,” one of the scam emails reads.
“Please do let me know if you are available for that now. I will be available via email as I await your swift response,” it added.
New Zealand executives including current MediaWorks CEO Wendy Palmer and Stuff executive chair Sinead Boucher are among those whose names have been used in the emails.
“Sadly, these impersonation emails happen all the time,” said Jordan Heersping, Cert NZ manager of threat and incident response.
“Sometimes they’re crude and easy to spot – an email address that is obviously not from the company, an over-the-top request, or a request that is to the wrong person in the company.”
Heersping said in general, email addresses will be obtained through a dump of credentials harvested through phishing campaigns or even just scraped off public-facing websites.
“Other times they can be trickier and more specifically targeted - for example, emailing the CFO or a personal assistant. Scammers can be very convincing when they need to be.”
Heersping said the impersonator scams were under-reported, in part because most people could spot them, and simply deleted them.
“They usually involve the fake executive asking for the staff member to urgently buy gift cards, or other forms of transferable assets, or sometimes [to] simply transfer money to an account,” a Cert NZ spokesman said.
“The urgency is common - a social engineering tactic used to stop the target from thinking clearly about the situation,” he added.
And the scammer would often claim to be in a meeting and insist on communicating only by email or WhatsApp.
Cert NZ urged anyone targeted in a scam attempt to report it to the agency.
“Getting information on where these scams are coming from is incredibly useful in stopping them from reaching other New Zealanders.”
Cloud-based email management firm Mimecast said email impersonation attacks involved scammers impersonating a legitimate sender to trick the recipient into clicking on a malicious link or attachment.
“These attacks are typically used to steal sensitive information such as login credentials or financial information,” Mimecast added.
John Weekes is online business editor. He has covered courts, politics, crime and consumer affairs. He rejoined the Herald in 2020, previously working at Stuff and News Corp Australia.