Guest Author: Tim Ebner, ASAE Center
Email and telephone “spoofing” scams, which mimic a legitimate person or business, are on the rise. Often these attacks target online member directories where members’ contact information can be used to deceive.
Member directories are common on association websites, whether they’re members-only directories for the association community or public ones that help professionals or businesses make connections with potential customers.
Packed as they are with member information, online directories can quickly become prime targets for cyber criminals, especially if they lack proper safeguards.
Recently, the Association of Certified Fraud Examiners fell victim to a so-called spear-phishing attack. In a letter addressed to members, a group of cybercriminals crafted a phony but legitimate-looking request for bids that appeared to come from ACFE directly.
“These cyber criminals were doing a broad search of our directory and getting the information they needed to conduct an attack,” says Director of Membership Ross Pry.
Email and telephone “spoofing” scams, which mimic a legitimate person or business, are on the rise, but Pry says that doesn’t mean associations must fall victim. Preventing an attack “takes a coordinated effort between the association and [its] members,” he says. “And when an attack does happen, don’t be afraid to have a conversation with members.”
