
Nonprofits, Don’t Get Caught by Phishing Schemes


By Nidhi Rao

What are phishing schemes?

Phishing schemes are deceptive messages that can take the form of emails, phone calls or websites, and are designed to steal funds from an organization by tricking an employee into divulging confidential personal or business information such as a user name, password, bank account number, Social Security number or Employer Identification Number (EIN).

Phishing attacks most often appear as emails, but can also be conducted via instant messages or over the phone. While most organizations’ email services and firewalls are equipped with spam filters, cyber criminals can craft messages that appear trustworthy or impart a sense of urgency, and can sometimes penetrate security filters.

To give a sense of how innocuous phishing emails can appear, we’ve included an example chain here. Characteristics of a typical phishing email include:

  • Slight variations on the sender’s email address;
  • Misspellings and grammar mistakes; and/or
  • An urgent request to complete the task, e.g., “I need you to do this ASAP.”
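
As an added illustration (not part of the original article), the Python sketch below shows how IT staff could screen incoming mail for two of these characteristics: a sender domain that is a slight variation of the organization's own, and urgent-request wording. The domain `examplenonprofit.org`, the phrase list and the sample messages are constructed assumptions, and only the domain part of the address is compared.

```python
import re
from email.utils import parseaddr

# Assumed for illustration: the organization's real domain and a short phrase list.
TRUSTED_DOMAINS = {"examplenonprofit.org"}
URGENCY = re.compile(r"\b(asap|urgent(ly)?|immediately|right away)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review_message(from_header, body):
    """Return a list of warnings for one message (empty list = nothing flagged)."""
    warnings = []
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    # A domain that is close to, but not exactly, a trusted one is a lookalike.
    if domain not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            if 0 < edit_distance(domain, trusted) <= 2:
                warnings.append(f"sender domain {domain!r} resembles {trusted!r}")
    if URGENCY.search(body):
        warnings.append("urgent request language")
    return warnings

# Constructed sample messages (From header, body); not real mail.
SAMPLES = [
    ("Executive Director <director@examplenonprofit.org>",
     "Please review the attached budget when you can."),
    ("Executive Director <director@examp1enonprofit.org>",
     "I need you to do this ASAP. Wire the funds before noon."),
    ("Partner News <newsletter@partner.example>",
     "Our quarterly update is attached."),
]

if __name__ == "__main__":
    for sender, text in SAMPLES:
        print(sender, "->", review_message(sender, text) or "no warnings")
```

A flagged message is a prompt for the verbal confirmation and second-approver steps described below, not a verdict on its own.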

Cyber criminals are persistent when devising new ways to capture sensitive information from unsuspecting individuals, and spam filters and firewalls are only the first line of protection against phishing schemes. To proactively mitigate these risks, organizations can take the following steps to protect themselves:

Educate employees – Provide training on the risks associated with phishing schemes and caution employees away from offering confidential information, such as user names and passwords, over email or executing banking transactions based on instructions received via email. Employees should be advised to follow internal company policies and procedures when executing transactions or sharing confidential information.

Institute two-party authentication controls – Electronic security and authentication controls are now offered within online banking systems, so that an individual who initiates a wire transfer cannot also authorize it. If these systems are in place, a wire transfer initiated by an unknowing victim of a phishing scheme cannot be executed until a second individual authorizes the transaction, thereby increasing the chance an error will be discovered.

Require verbal confirmation – Organizations can protect themselves by instructing employees to obtain verbal authorization, no matter how urgent the request might seem, from the sender of an email prior to processing a transaction such as a wire transfer.

Use a code word – If an organization regularly communicates requests to process transactions via email, a “secret word” can be established internally to include in all email transaction requests in order to differentiate a valid email from a phishing email. This should be a unique word or phrase agreed upon by the financial executive department and known only internally.

Additionally, it’s important to note that information technology (IT) staff should be notified if employees receive phishing emails, so that spam filters and firewall settings can be adjusted to mitigate the risk of future messages bypassing these defenses. If an organization does fall victim to a phishing scheme, it’s important to quickly investigate the source of the email. Given the ever-changing cyber landscape and the speed at which digital attack tactics evolve, utilizing approaches to mitigate risk from both an IT and a personnel perspective is an organization’s best line of defense. For more on investigative practices for a nonprofit once it learns it’s fallen victim to fraud, see page 8 for the article “Wire Transfer Fraud: It Could Happen To You.”

NFP Blog - Phishing Scheme

This article originally appeared in BDO USA, LLP’s “Nonprofit Standard” newsletter (Winter 2015). Copyright © 2015 BDO USA, LLP. All rights reserved. www.bdo.com
