An ASSP chapter recently lost monies due to a spear-phishing attack. All ASSP chapters and regions are likely to see an increase in such attacks in the near future.
Spear-phishing messages are targeted messages that appear to come from a trusted source, likely someone the target knows personally and generally someone in a position of authority.
In the recent incident, a member of the chapter’s board received an official-looking e-mail from another board member asking for a money transfer to pay a vendor.
Be Smart
Spam filters can block some messages, but spammers are increasingly finding ways around this. That’s why every e-mail user must be vigilant. If a colleague or friend e-mails you and asks for a money transfer, password or other information, follow these steps:
- Verify that the e-mail address matches the one the sender usually uses to contact you.
- Call or send a separate e-mail to the person to verify if that person really contacted you. The same goes for banks and businesses. Legitimate contacts won't e-mail you asking for same day payment, passwords or account numbers. If you think the e-mail might be real, call the person or company and ask.
- Verify that the message follows the financial management policies and requirements outlined in our Chapter Accounting Standard Operating Guidelines. For example:
- Is there documentation and reference to prior approval from the executive committee for the expenditure?
- Has your region vice president approved contract expenses over $1,500?
- Are the other relevant members of your leadership team included on the message?
Also always remember: Don't divulge too much personal information online because you never know who might use it or how.
Added Protection
As part of ASSP’s web hosting account, each chapter is offered and encouraged to use role-specific e-mail addresses.
While the plain text in the from field can be manipulated, actual e-mail addresses cannot be spoofed. With a role-specific ASSP chapter e-mail address, you will see @[your chapter’s name].assp.org in the e-mail address when you click reply.
Using chapter e-mails will also protect your personal information and ease the officer transition each year.
If you have any questions, please contact our Chapter Web Update staff.