Association Leadership - May/June 2018 - 23

©ISTOCK.COM/JANWILLEMKUNNEN

But I believe that associations are
particularly vulnerable.
Why?
The association industry - more so
than just about any industry - is driven
by people-people for people-people.
Associations want to work quickly for
their members and colleagues and to
be as helpful as possible. They want to
connect people to the information they
want or need in a timely fashion. And
everyone who works in an association
gets bombarded with a seemingly
endless number of emails every day,
meaning that slowing down is rarely
an option.
And this is where things get even
more devious.
Associations are increasingly
being targeted by a very specific and
especially dangerous form of phishing:
spear phishing.
I work in the association world as an
IT professional, so I see this type
of attack becoming more and
more common.
The difference between phishing
and spear phishing is in the effort the

criminal puts in beforehand, and the
precision of the attack.
While phishing involves throwing
a generic message out to the
world, hoping to get something
from someone, spear phishing is
specifically targeted at individuals,
using information gathered from
across the web, and requesting
information that the attacker can and
will use quickly.
Spear phishing is designed to
seem as legitimate and personal as
possible. Often, spear phishers will
send emails that appear to be from
a colleague or loved one, asking for
sensitive information, in other cases,
recipients are directed to a website
containing dangerous codes that
will turn the affected computer into a
spam bot, or even read key-strokes to
learn passwords.
That's how an association's great
strength - their ability to bring people
together - can become a major
weakness.

Major Scams to Be Aware of
Let's address the two most common
scams that we see affecting
associations.

Member/Board Member Scam
In more and more cases for
associations, phishers send emails
that appear to be from members and
board directors.
Something I've heard from a
number of associations is that "board
members" send emails asking for
login information for the association's
website or database. The phisher
in this case may be trying to get
access to association information
or may be trying to get a password
hoping that the board member uses
the same password for everything;
their association login, email, bank's
website, and credit card company.
If someone emails you asking for
login information, please call them
to confirm they really have forgotten
their password.

IRS/W2 Scam
Another common scam popped
up over tax season. The phisher
in this case assumes the identity
of an executive emails the victim,
asking the recipient to send them the
organization's tax information.
Again, call this person to
confirm; they'll appreciate the
minor inconvenience for the sake of
protecting your organization, even
if it really was them asking for the
information.
In other cases, phisher
impersonate the IRS, telling the
recipient that they are due tax refund.
Remember; "The IRS doesn't
initiate contact with taxpayers."
That's from the IRS's own website.
If you receive anything like
this, please forward that email to
phishing@irs.gov.

Context is Key
Obviously, context is always
important, but when it comes to
avoiding cybercrime, it is paramount.
Here's an example; you and
your coworker Stacey have been
discussing a payroll inconsistency
over lunch. After lunch, Stacey
sends you an email asking for
private, payroll-related information.
In this case, you might assume that
this really is Stacey, because you
were just talking about this issue.
You'd probably be safe just replying
to that email. However, it's also
a good idea to get in a securityconscious mindset. It wouldn't hurt
to call Stacey (or walk over to her
office) and ask if that really was her
requesting that information.
Here's another example; someone
who is out on vacation emails you,
asking for your organization's credit
card number. Call this person! There
is no context to this email. Maybe
they really did forget to make a
purchase for the agency and decided
to handle it during their vacation. But
this type of email should set off all
your cybercrime alarms.
Continued on page 29
MAY/JUNE 2018

23


http://www.ISTOCK.COM/JANWILLEMKUNNEN

Association Leadership - May/June 2018

Table of Contents for the Digital Edition of Association Leadership - May/June 2018

Homepage
60-Second Solutions
Ask a Hotelier
Tech Talks Recap
What Every Association Professional Needs to Know About Advocacy
Are There Blind Spots in Your Sexual Harassment Policies?
Email Phishing in the New Wild West
Identifying Email Risks to Your Association
Harness the Power of Your Publication
Meetings Minute
Destination Planner
New Members
Index to Advertisers
Backpack to Briefcase
Association Leadership - May/June 2018 - Intro
Association Leadership - May/June 2018 - cover1
Association Leadership - May/June 2018 - cover2
Association Leadership - May/June 2018 - 3
Association Leadership - May/June 2018 - 4
Association Leadership - May/June 2018 - 5
Association Leadership - May/June 2018 - 6
Association Leadership - May/June 2018 - Homepage
Association Leadership - May/June 2018 - 60-Second Solutions
Association Leadership - May/June 2018 - 9
Association Leadership - May/June 2018 - Ask a Hotelier
Association Leadership - May/June 2018 - 11
Association Leadership - May/June 2018 - Tech Talks Recap
Association Leadership - May/June 2018 - 13
Association Leadership - May/June 2018 - What Every Association Professional Needs to Know About Advocacy
Association Leadership - May/June 2018 - 15
Association Leadership - May/June 2018 - 16
Association Leadership - May/June 2018 - 17
Association Leadership - May/June 2018 - 18
Association Leadership - May/June 2018 - 19
Association Leadership - May/June 2018 - Are There Blind Spots in Your Sexual Harassment Policies?
Association Leadership - May/June 2018 - 21
Association Leadership - May/June 2018 - Identifying Email Risks to Your Association
Association Leadership - May/June 2018 - 23
Association Leadership - May/June 2018 - Harness the Power of Your Publication
Association Leadership - May/June 2018 - 25
Association Leadership - May/June 2018 - Meetings Minute
Association Leadership - May/June 2018 - Destination Planner
Association Leadership - May/June 2018 - New Members
Association Leadership - May/June 2018 - Index to Advertisers
Association Leadership - May/June 2018 - Backpack to Briefcase
Association Leadership - May/June 2018 - cover3
Association Leadership - May/June 2018 - cover4
https://www.nxtbook.com/naylor/TSES/TSES0318
https://www.nxtbook.com/naylor/TSES/TSES0218
https://www.nxtbook.com/naylor/TSES/TSES0118
https://www.nxtbook.com/naylor/TSES/TSES0617
https://www.nxtbook.com/naylor/TSES/TSES0517
https://www.nxtbook.com/naylor/TSES/TSES0417
https://www.nxtbook.com/naylor/TSES/TSES0317
https://www.nxtbook.com/naylor/TSES/TSES0217
https://www.nxtbook.com/naylor/TSES/TSES0117
https://www.nxtbook.com/naylor/TSES/TSES0616
https://www.nxtbook.com/naylor/TSES/TSES0516
https://www.nxtbook.com/naylor/TSES/TSES0416
https://www.nxtbook.com/naylor/TSES/TSES0316
https://www.nxtbook.com/naylor/TSES/TSES0216
https://www.nxtbook.com/naylor/TSES/TSES0116
https://www.nxtbook.com/naylor/TSES/TSES0615
https://www.nxtbook.com/naylor/TSES/TSES0515
https://www.nxtbook.com/naylor/TSES/TSES0415
https://www.nxtbook.com/naylor/TSES/TSES0315
https://www.nxtbook.com/naylor/TSES/TSES0215
https://www.nxtbook.com/naylor/TSES/TSES0115
https://www.nxtbookmedia.com