An email scam was recently attempted against several Neighborhood Councils, where scammers impersonated a Council’s President and instructed board members to make payments to fraudulent accounts. Learn how to protect your board from this type of internet fraud, which is called “CEO impersonation” or Business Email Compromise (BEC).
Neighborhood Councils have a built-in safety mechanism for funding expenditures, because they have to vote to make disbursements, so money cannot be spent without the board’s knowledge and consent. However, a successful impersonation of your board’s Chair or other boardmembers can still happen, if your Council doesn’t take proper precautions.
The FBI has a couple of great articles on guarding against Business Email Compromise, which are linked at the end of this article. One key precaution the FBI emphasizes is to make sure communications that seem strange or out of character are really coming from the person you think is sending them. To check this, use another channel of communication, such as the telephone, to contact that person and ask about the message. Never reply directly to the suspicious message, or else you may simply wind up in conversation with the scammer who sent it.
Con artists impersonating someone in authority often set up “spoof” email addresses that look very close to the address of the people they are impersonating, with just one letter changed, so at a glance, the address looks okay. For example, instead of “empowerla,” an address could say “empower1a,” with a 1 instead of a lower-case L, which looks almost identical. To avoid being taken in by that tactic, don’t hit Reply; instead, hit Forward, then re-enter the address of the person you are replying to, to ensure that the right person gets your message.
In general, always carefully review the content and the sender email addresses on any email you receive regarding the transfer of funds. Your board may want to discuss putting a two-step verification process in place where communication happens via both email and telephone, whenever funding transfers are discussed. This FBI article has several great pointers about using two-factor authentication, such as making sure that telephone verification always be via prearranged phone numbers, and not the phone numbers contained in a suspicious email.
If you suspect that your board may be the target of internet fraud, please contact EmpowerLA immediately and include copies of any emails you have received.
To learn more about ways to safeguard your Neighborhood Council from fraud, please check out these articles from the FBI and their Internet Crime Complaint Center (IC3):