Wire transfer fraud targets professional associations too
A USU faculty member is president of a professional association about to have a national conference. She received a forward of a message supposedly from her to the association treasurer, requesting a wire transfer of $5000 to an out-of-state bank account (not near her, nor the treasurer, nor the conference location). The treasurer said he almost followed the instructions before deciding to contact her first.
---------- Forwarded message ----------
From: "Jane Doe, PhD" <email@example.com> [forged by the scammer]
Date: Jul 27, 2016 2:22 PM
Subject: Re:wire Transfer information
Below are the details for you to wire the money to,make it a sameday value payment
Bank name: XXXXX FEDERAL CREDIT UNION
BANK number: nnn-nn-nnnnn
Bank address: 5 South Main, Anytown, ST
Account Number : xxxxxxx
Routing Number: xxxxxxxx
Account name: Sam Asparagus
AMOUNT.. $5,000 DOLLARS
Email me the receipt once you transfer it.
Best Regards, Jane Doe, PhD
USU IT staff confirmed that the message did not come from her email account but was forged. We contacted the out-of-state bank to alert the bank that the account was being used for fraud with a recommendation to freeze the account in case multiple conferences were being targeted.
Reflection upon this new scam:
It is relatively easy to search online for upcoming academic conferences, find the officers of the host organization, and then impersonate a wire transfer request from the president to the treasurer as a one-time transaction in preparation for the conference.
This sort of scam can easily work because organization officers often reside at different institutions, do not work with each other on a day-to-day basis and may communicate largely via email (unlike same-institution administrators and their business officers who work face-to-face and have been more commonly targeted by this sort of scam).
Please let your association officers know to always ask questions first, and confirm by phone any requests for wire transfers, financial or credit account information, and officer & member information (name, address, email, or even SSN, date of birth, etc.).
It is easy for scammers to impersonate someone else in an email, so watch out and don’t fall for it. It’s your money and information too.
[Thanks to Mark F. Herron, CISO at Central Michigan University for additional wordsmithing.]