The Institute - September 2019 - 4

briefings

HOW TO PROTECT YOURSELF

Recently IEEE has become
aware of email scams and phishing
attempts whereby IEEE volunteers
are requested to send money via wire
transfers or checks.
Attackers might send you email that
looks like it is coming from a legitimate
source, using actual names and email
addresses of IEEE leaders such as
society presidents, section chairs, and
conference organizers.
The attackers often perform a fair
amount of research before attempting
their scams. They might use information readily available on websites and
social media to determine business
relationships in order to customize their
attacks and make them look real.
An attacker might claim, for example,
to be an IEEE volunteer and ask you to
transfer money or to reply with banking information, including account
balances. In such situations, the email
address used by the attacker might
look as though it is coming from IEEE
or another domain that you recognize.
TI-4

SEP 2019

THE INSTITUTE

The IEEE IT Security and Legal and
Compliance departments recommend
that you consider the following when
reviewing messages related to your
IEEE volunteer activities:
■ Is the message requesting an
invoice payment or a payment for
other purchases?
■ Does the message request sensitive data such as your personal
information, bank-account balances,
or other financial information?
■ Does the message convey a sense of
urgency or threaten legal action or
other consequences?
■ Does the message request payment to avoid the release of
compromising information?
■ Is the request for payment part of
your normal activities or related to a
project you are actively working on?
■ Is the request coming from
someone you normally work with?
Does the wording sound like the
way that person typically would
speak to you?

-GILBERTO SANTIAGO AND
JONATHAN WIGGINS

Santiago is senior director of IEEE's
security and network management.
Wiggins is senior intellectual
property attorney and chief
privacy officer in the IEEE Legal
and Compliance Department.
This article originally appeared online as
"Cybersecurity Alert: Beware of Phishing Attempts
Targeting IEEE Leaders."

ISTOCKPHOTO

Don't Get Hooked: Phishing Attempts
Are Targeting IEEE Leaders

To avoid such scams, first become
familiar with and follow IEEE
payment processes.
Validate details with the parties
involved but do not validate via
email and do not use any email
addresses or phone numbers
included in the message. Instead,
use information that you already
have or can obtain from IEEE.
Establish a validation process for the approval of financial
transactions.
Be particularly careful of email
requests that ask you to act immediately, especially if something sounds
too good to be true. Think before
taking any action.
Trust your instincts. If a request
appears to be coming from someone you know but just doesn't feel
right, contact that person using a
different communication method.
If, for example, the unusual request
comes via email, call the person
on the phone. Use the IEEE online
roster for contact information.
If you receive a call or an email
or text message requesting that you
take an action-even if appears to
be consistent with the responsibilities of your IEEE leadership role-
but you are unsure if it is legitimate,
notify your supporting IEEE business unit. Contact and support information can be found at https://www.
ieee.org/about/contact.html

https://www.ieee.org/roster https://www.ieee.org/roster https://www.ieee.org/about/contact.html https://www.ieee.org/about/contact.html

The Institute - September 2019

Table of Contents for the Digital Edition of The Institute - September 2019