We have all come across phishing emails in our inbox once or twice. Some of us might have even fallen for it! Associations are often the prey to these cyber-attacks. It is easy to look at an association’s website and find out who is in charge of the organization and who would have access to the bank account. The emails of those individuals is also usually right there for the attacker. Because this information is so readily available, it is important to train your board and/or staff on potential cyber-attacks.
Most “phishers” are focused around a money transfer. The attacker might imitate the email of the President and email either the treasurer or staff with a request to transfer the money. Train your board to verify the email of the President when they receive a request like this one. There is often something slightly different that will indicate that the request is a scam.
Another resolution to the problem, would be to set procedures in place for when and how a money transfer should happen. Perhaps your board could make it a rule that no money should be transferred unless a phone call first takes place. This will automatically raise a red flag when a board member receives an email with the request.
The 4th quarter is when “phishers” come out in full force so be sure to be on guard! If you are looking to test your board, try this phish test. It is a great way to test your board’s current knowledge and allows them to see examples of what could be showing up in their inbox one day.