Nonprofits, Don’t Get Caught by Phishing Schemes

By Nidhi Rao

What are phishing schemes?

Phishing schemes are deceptive messages that can take the form of emails, phone calls or websites. They are designed to steal funds from an organization by tricking an employee into divulging confidential personal or business information such as a user name, password, bank account number, Social Security number or Employer Identification Number (EIN).

Phishing attacks most often appear as emails, but can also be conducted via instant messages or over the phone. While most organizations’ email services and firewalls are equipped with spam filters, cyber criminals can craft messages that appear trustworthy or impart a sense of urgency, and can sometimes penetrate security filters.

To give a sense of how innocuous phishing emails can appear, we’ve included an example chain here. Characteristics of a typical phishing email include:

  • Slight variations on an email address of the sender;
  • Misspellings and grammar mistakes; and/or
  • An urgent request to complete the task, i.e., “I need you to do this ASAP.”
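
The first and third characteristics above can be checked mechanically before a message reaches the person who processes payments. The following is an added example, not part of the original article, that flags sender domains resembling the organization's own and urgent wording. The domain `helpinghands.example`, the sample messages, the urgency phrases and the distance threshold are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

# Assumption: the organization's real mail domain (constructed; .example is reserved).
TRUSTED_DOMAINS = {"helpinghands.example"}
MAX_DISTANCE = 2  # assumption: how many character edits still count as "slight"
URGENCY = re.compile(r"\b(asap|urgent|immediately|right away)\b", re.IGNORECASE)

def edit_distance(a, b):
    """Levenshtein distance: minimum single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def fold_lookalikes(domain):
    """Map visually confusable characters to one form (1->l, 0->o, rn->m, cl->d)."""
    folded = domain.lower().replace("1", "l").replace("0", "o")
    return folded.replace("rn", "m").replace("cl", "d")

def check_message(from_header, body):
    """Return a list of phishing indicators found in one message."""
    findings = []
    _, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    # An exact match with a trusted domain is fine; a near match is the warning sign.
    if domain and domain not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            if (fold_lookalikes(domain) == fold_lookalikes(trusted)
                    or edit_distance(domain, trusted) <= MAX_DISTANCE):
                findings.append(f"lookalike-domain:{domain}~{trusted}")
    if URGENCY.search(body):
        findings.append("urgent-language")
    return findings

# Constructed sample messages (From header, body); not taken from the article.
SAMPLES = [
    ("Pat Director <pat@helpinghands.example>", "Agenda attached for Thursday."),
    ("Pat Director <pat@he1pinghancls.example>", "I need you to do this ASAP."),
    ("News <news@vendor.example>", "Urgent: renewal offer ends today."),
]

if __name__ == "__main__":
    for sender, text in SAMPLES:
        print(sender, "->", check_message(sender, text) or "no indicators")
```

Urgent wording alone is common in legitimate mail, so it is best used to raise the priority of a look-alike hit rather than as a verdict on its own.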

Cyber criminals are persistent when devising new ways to capture sensitive information from unsuspecting individuals, and spam filters and firewalls are only the first line of protection against phishing schemes. To proactively mitigate these risks, organizations can take the following steps to protect themselves:

Educate employees – Provide training on the risks associated with phishing schemes and caution employees away from offering confidential information, such as user names and passwords, over email or executing banking transactions based on instructions received via email. Employees should be advised to follow internal company policies and procedures when executing transactions or sharing confidential information.

Institute two-party authentication controls – Electronic security and authentication controls are now offered within online banking systems, making it so that an individual initiating a wire transfer cannot also authorize the transfer. If these systems are in place, a wire transfer initiated by an unknowing victim of a phishing scheme cannot be executed until a second individual authorizes the transaction, thereby increasing the chance an error will be discovered.

Require verbal confirmation – Organizations can protect themselves by instructing employees to obtain verbal authorization, no matter how urgent the request might seem, from the sender of an email prior to processing a transaction such as a wire transfer.

Use a code word – If an organization regularly communicates requests to process transactions via email, a “secret word” can be established internally to include in all email transaction requests in order to differentiate a valid email from a phishing email. This should be a unique word or phrase agreed upon by the financial executive department and known only internally.

Additionally, it’s important to note that information technology (IT) staff should be notified if employees receive phishing emails, so that spam filters and firewall settings can be adjusted to mitigate the risk of future messages bypassing these defenses. If an organization does fall victim to a phishing scheme, it’s important to quickly investigate the source of the email. Given the ever-changing cyber landscape and the speed at which digital attack tactics evolve, utilizing approaches to mitigate risk from both an IT and a personnel perspective is an organization’s best line of defense. For more on investigative practices for a nonprofit once it learns it’s fallen victim to fraud, see page 8 for the article “Wire Transfer Fraud: It Could Happen To You.”

NFP Blog - Phishing Scheme

This article originally appeared in BDO USA, LLP’s “Nonprofit Standard” newsletter (Winter 2015). Copyright © 2015 BDO USA, LLP. All rights reserved. www.bdo.com
