We’ve all received an email from a down-on-his-luck prince living in a far-off land with a large sum of money he can’t access unless a Good Samaritan like yourself lets him funnel it into your bank account – for which you will be rewarded handsomely.
Of course, we laugh it off when an obvious scam like this arrives in our inbox from a stranger. But what if the same scheme was disguised as a routine message from a trusted colleague?
One area of concern all nonprofits should be aware of is fraud. In this post, we are updating the public about the $3.1 billion business email scam that has caught the attention of the FBI.
For this scam, an ordinary-looking email that appears to originate from someone within your organization will include a request to send a wire or ACH to pay a vendor. Often included in the email – which typically will come from the executive director or manager – is an invoice and instructions on where to send the payment. Since the email appears to be for a legitimate business expense and is from someone authorized to send a payment, a nonprofit could comply with the request without thinking twice.
But, wait! That email isn’t really from your executive director, and that invoice is not a legitimate business expense. Rather, the correspondence is from someone who hacked into your email system, and the payment instructions give the criminals access to their bank account.
There are many ways to avoid becoming a victim of this scheme:
- Call the person who sent the email to confirm that a payment should be sent. In this case, the executive director would know they didn’t authorize a payment.
- Use a secure code when sending email requests for payments.
- Talk through approval processes and be skeptical of any wire or ACH being requested.
- Use a list of approved vendors for sending wire or ACH payments.
- Use Outlook rather than a web-based email service such as Gmail because it is more difficult to hack.
O’Leary & Anick helps manage banking relationships for its clients and adds a layer of security. We also leverage information from many banks and clients to help ensure our clients are protected from fraud. For more information, please contact Kevin O’Leary at 414-892-3215.