ALERT: Non-profits are the latest target of Phishing Schemes

Posted on December 11, 2015December 12, 2019

AAFCPAs has been alerted by a number of nonprofit clients that they are receiving emails from scammers who are disguising themselves as an internal, senior member of the organization’s management team. These emails look legitimate and are from an email address very similar to the organization’s email, with a slight variation.
In the email there is an urgent request to fund a wire transfer or disclose secure financial information. The email exchange typically begins with an inquiry if the person is available and then leads to a request to transfer money. The perpetrators of these scams get information that is widely available on the organization’s website, including the nature of the business, names and email addresses of key management and board members, and personal information of these employees from social media sites including LinkedIn and Facebook in order to make the email appear genuine.
A Client’s Story
The CFO of a large nonprofit organization received an urgent email from the CEO asking “Are you free”. The CFO responded that they were available. The CEO then instructed the CFO to make a wire transfer to an individual. Although this was an unusual request, the payment was in-line with the general operations of the organization. The CFO then asked where to charge the expense to and the CEO responded: “Administrative Expenses.” This tipped the CFO off that something seemed odd. A phone call to the CEO proved that this was in fact a “phishing scheme.”
What should you look for?
Most of these phishing emails contain the same characteristics, including:

An email address from the sender that is slightly different, such as an extra letter in the domain name
A signature that is not consistent with others in the organization
Misspellings in the body of the email
A request for funds in an urgent manner

What can you do to protect your organization?
This scheme is easy to fall prey to, however it can be easily prevented if you follow these steps:

Follow the normal processes the organization has in place for disbursing funds, including check requisitions and sign offs. Wiring funds with an “urgent” need, outside of the normal processes increases your risk.
Educate employees about these scams. Sharing this information and reminding all employees of the standard protocols when disbursing funds will reduce your risk.
If your organization has a program that requires immediate wire transfers where the request is sent electronically, consider setting up standard procedures that require either a verbal confirmation or the use of a code word in the email.
Adopt a system that requires two individuals to be involved in the wire transfer process. The ideal situation will allow one person to establish the wire transfer and require a second individual to approve and release the wire.
Notify your IT staff as soon as you receive a suspicious email.

Fraud can come in many different forms, including these types of phishing schemes. Phishing is the act of deceptively luring an individual into providing financial or personal information through a legitimate-looking website, email or instant message. Although phishing schemes have been around for years, there has been a recent increase in phishing that has targeted nonprofit organizations.
AAFCPAs encourages you to proceed cautiously when receiving any email or communications soliciting funds or personal information. These simple steps should greatly reduce your risk of falling victim to a phishing scheme. If you are a victim to this scam, you should notify your bank and the bank that received the funds immediately and contact your local police.
For more information about fraud prevention and risk assessment, please contact your AAF Partner, or John Buckley, CPA, Partner, at 774.512.4039 or jbuckley@nullaafcpa.com.

About the Author

John Buckley, CPA, CGMA

John is the leader of AAFCPAs’ Educational Services practice, serving diverse academic and education services clients spanning independent schools, colleges/universities, special education schools, education services, charter schools and charter management organizations (CMOs). He fully understand the nuances of the educational services industry and business and operational challenges faced by these institutions, including funding and regulatory issues such as: capital campaign structures, complex endowments, alternative investments, debt financing and tax credit options, and unique governance concerns and …

Related Insights

Announcing AAFCPAs’ Exciting Partnership with Oracle NetSuite

We are thrilled to announce that AAFCPAs has formed a new partnership with Oracle NetSuite, one of the world’s leading cloud-based ERP systems. This collaboration aims to provide our Outsourced Accounting & Fractional CFO (OAFC) clients with unparalleled support and advanced solutions that are perfectly tailored to their growing needs. Outsourced NetSuite Accounting For OAFC […]

Shift in EEC Funding Model Requires Business Process Assessment

Effective October 1, 2024, the Massachusetts Department of Early Education and Care (EEC) shifted its contract reimbursement from a primarily unit-rate model to a mix of unit-rate and cost-reimbursable contracts. Under the new contracts, childcare seats will be reimbursed on a unit-rate basis while administrative and supportive services will be funded through cost reimbursement contracts. […]

Cost Center Coding Strategies for Effective Grant Reporting

For complex human and social services providers, managing grants and ensuring compliance can often feel like navigating a labyrinth. One effective strategy to simplify this process is through cost center coding. AAFCPAs provides the following detailed guidance on how to leverage cost center coding to streamline grant reporting and maintain compliance. Design Your Cost Centers […]