About us
News and insights
Investor Relations
Contact us
Get in touch
Find us
Our vision, mission and values

Our leadership

Explore About us
Press releases

Explore News and insights
Financial results

Explore Investor Relations
Explore Contact us
Back
About us

Our vision, mission and values

Our leadership

Back
News and insights

Press releases

Back
Investor Relations

Financial results

Back
Contact us
Back
  • Our vision, mission and values
  • Board of Directors
  • Nedbank Lesotho wins Global Brands Magazine award
  • Nedbank Lesotho wins 2 awards
  • Update on 2% additional charges on some POS machines | Nedbank Lesotho
  • CMA communication from Nedbank Lesotho MD Nkau Matete | Nedbank Lesotho
  • Financial results

Whaling

 

Don't get hooked by whaling, this is a form of phishing that targets businesses by sending emails to finance departments impersonating a Chief Executive Officer or Chief Financial Officer trying to trick employees into making deposits.

What is whaling?

Whaling is a type of phishing scam where fraudsters send emails to employees of financial institutions impersonating a senior executive requesting that they transfer funds into an external account urgently. The employee processes the payment, as he/she believes that the request came from a senior executive (CEO or CFO), and the fraudsters get away with the money. Financial institutions and private businesses are the primary targets for these scams, which generally require a lot of planning to be successful.
 

How does whaling work?

  • Getting to know the targeted executive
    Fraudsters often make use of social engineering to gather information. They trawl through social media sites and may even contact employees in the organisation to gather the required information. The fraudsters may even go as far as getting a copy of the email template and electronic signature used by the targeted executive to make the email seem more legitimate.

  • Getting to know who holds the purse strings
    Fraudsters determine who in the organisation is able to make large payments and source the relevant contact details and any other information that they could use to make the request seem more legitimate.
  • Setting the trap
    Having gathered the required information, fraudsters draft an email from the executive requesting that a payment be made into an external account and forward it to the targeted employee(s), hoping that payment will be made.
  • Remember
    Fraudsters rely on the fact that employees will never question an instruction from an executive and will blindly follow instructions without verification. We are all very busy and often do not take the time properly to look at the format, layout, grammar and punctuation in emails we receive; we quickly scan through them before we act. 

 

How to protect yourself

  • Ensure that the email address on the email received is correct and that it matches the email address on your business system. Fraudsters often make small changes, such as adding a full stop or changing one letter, hoping that you will not notice;
  • Look out for odd requests and if you get an email that seems strange or out of the ordinary, contact the sender and confirm that the email came from him/her. Do not click on links in a suspicious email, as you might unknowingly download malware onto your computer;
  • Be careful what information you disclose on social media; fraudsters make use of social media to gather information on their targets to make their emails seem more legitimate; and
  • Don't disclose confidential information about Nedbank or your colleagues to third parties over the telephone, as you might be talking to a fraudster.
     

What to do if you receive such an email

If you receive an email that you suspect is fake, please delete and inform Nedbank immediately through our Help Desk on +266 22282182. Do not respond to it and do not click on any hyperlinks in the document.