Let’s say you are the controller in the finance office. Let’s say your boss sends you an email telling you to wire some money to a new organization in the field that he just met because they have the ability to do something great and they need the funds to seize the opportunity right now. Today. Oh, the amount is within budget and he gives you the routing information for the wire. Email is signed using your boss’ nickname and based on a quick glance, the e-mail address is legit.
You quickly send the wire, right?
If I hadn’t included the words “new scam” in the title of this post, would you have been on guard that the email just mentioned could easily be a scam?
Michael Batts, CPA, explains at Church Law & Tax that a New Email Scam Targets Nonprofit Leaders.
Scammers can browse a charity’s web site to gather intel on the names and nicknames of key players, such as the CEO, CFO, and maybe other finance staff. Careful research can identify the format of email addresses. Wouldn’t take long to learn the standard format is first initial, last name, minor variation on ministry name, and org/com/net. Add in a few minutes of research on the 990. The scammer could then have enough information to spoof an email to someone in the finance team.
From this and other articles I’ve read, this scheme works sometimes.
Article has five tips on how to prevent this type of scam from stealing precious dollars from your ministry.
The most basic step is to make sure everyone in leadership, management, and finance are aware this type of scheme exists.
Another key idea is to prohibit sending out wires based on a simple email. Additional documentation should be needed. At a minimum a confirming conversation is needed.
Check out the full article for more details.