Five ways to avoid email scams requesting money
Recently, Women of the ELCA synodical women's organizations have experienced email scams asking for money. In one case, a scammer sent an email to the SWO treasurer in the name of the SWO president, asking for money to be wired.
Though there were red flags, after multiple emails, the treasurer eventually wired a few thousand dollars to the scammer.
To keep this from happening to you, here are five tips to avoid these scams from an article written by and used with permission of Batts Morrison Wales & Lee, a national CPA firm dedicated exclusively to serving churches, nonprofit organizations, and their affiliates.
In the article, the firm mentions multiple incidents in which nonprofit financial leaders received fraudulent emails that appear to be from their superiors asking them to wire or transfer funds to an outside bank account. In some cases, the financial leaders believed the email request was legitimate.
How the scam works
Scammers spend time on the organization’s website, learning who the leaders are. Specifically, they will look for one of the top leaders in the organization (president, senior pastor, etc.). They then search for his/her email address and nickname, often found on the website.
Then, the scammers identify the top financial person (along with a nickname) and his/her email address.
Next, the scammers create an email in which they spoof the real email address of the top leader they have identified. The email will look very much like it came from the top leader and may even appear as having come from his/her actual email address. Scammers will then send the email to the organization’s top financial leader.
The email will contain instructions, using nicknames, if applicable, to wire or transfer money to an account about a project or activity in which the top leader is allegedly involved.
What to do to prevent becoming a victim of a scam like this
- Alert your leadership team to this type of scam.
- Have your organization’s IT team (or someone knowledgeable in email scams) advise you regarding how to detect or screen for spoofed email addresses.
- Maintain an agreement with your bank that requires two separate appropriately high-level people in your organization to authorize any wire transfers or similar disbursements.
- Maintain a policy that forbids finance personnel from making or authorizing distributions of funds based on email or similar instructions alone. Require that finance personnel speak in person or by phone (by calling the SWO president or pastor) and discuss the party who is requesting the distribution.
- Maintain a policy that forbids finance personnel from making or authorizing disbursements without proper and complete supporting documentation, regardless of who makes the request.
This content of this article was originally distributed as a Nonprofit Red AlertTM by Batts Morrison Wales & Lee, a national CPA firm dedicated exclusively to serving churches, nonprofit organizations, and their affiliates. To learn more about BMWL or to sign up to receive BMWL’s articles and alerts, please visit www.nonprofitcpa.com.