There is a sharp increase in the sophistication and frequency of attempts to defraud executives, those with influence, and individuals with authority to approve payments or purchases. Most of these losses are not covered under existing cyber insurance policies. These attempts are known as business email compromise (BEC). The most common ones are requests for a wire transfer for vendor payment, purchase of gift cards, and urgent requests such as processing invoices.
These requests will appear as coming from someone known to the recipient, which could be a legitimate vendor, a bank representative, a staff member or a volunteer. For IEEE the most targeted recipients of these emails are the CFO and his staff, all treasurers, and other staff or volunteers with approval authority. As a not for profit organization, information on our staff and volunteers are readily available online.
Would be scammers use spoofed email addresses and sometimes use compromised email accounts that will appear to the recipient as a legitimate email and the recipient may not doubt the validity of the request.
What to do?
· Protect your email account from phishing – see attached brochure.
· Always double check before sending money, gift cards or data.
· Be very suspicious of any request that appears intimidating or requests immediate action.
· Exercise caution when the request is not following the normal IEEE process or if the request appears unconventional such as requests to buy gift cards.
· Establish a secondary validation process such as a telephone call or email using a different address than the one from which the request came from.
· Become familiar with financial email scams and share the information with other volunteers – See attached brochure.
Please share this information with the volunteers you work with and especially the treasurers.
As always, please contact me or the IT security team at email@example.com if you have any question, concerns or need help with this topic.
Cherif Amirat – PhD, MBA
Chief Information Officer
Vera Lee Sharoff
IEEE Member & Geographic Activities
Director, Information Management
+1 732 562-5509 (voice)
+1 732 463-9359 (fax)