THE INSTITUTERecently IEEE has become aware of email scams and phishing attempts whereby IEEE volunteers are requested to send money via wire transfers or checks.
Attackers might send you email that looks like it is coming from a legitimate source, using actual names and email addresses of IEEE leaders such as society presidents, section chairs, and conference organizers.
The attackers often perform a fair amount of research before attempting their scams. They might use information readily available on websites and social media to determine business relationships in order to customize their attacks and make them look real.
An attacker might claim, for example, to be an IEEE volunteer and ask you to transfer money or to reply with banking information including account balances. In such situations, the email address used by the attacker might look as though it is coming from an IEEE address or another that you are familiar with.
The IEEE IT Security and Legal and Compliance departments recommend that you consider the following when reviewing messages related to your IEEE volunteer activities:
- Is the message requesting an invoice payment or a payment for other purchases?
- Does the message request sensitive data such as your personal information, bank-account balances, or other financial information?
- Does the message convey a sense of urgency or threaten legal action or other consequences?
- Does the message request payment to avoid the release of compromising information?
- Is the request for payment part of your normal activities or related to a project you are actively working on?
- Is the request coming from someone you normally work with? Does the wording sound like the way that person typically would speak to you?
HOW TO PROTECT YOURSELF
To avoid such scams, first become familiar with and follow IEEE payment processes.
Validate details with the parties involved but do not validate via email and do not use any email addresses or phone numbers included in the message. Instead, use information that you already have or can obtain from IEEE.
Establish a validation process for the approval of financial transactions.
Be particularly careful of email requests that ask you to act immediately, especially if something sounds too good to be true. Think before taking any action.
Trust your instincts. If a request appears to be coming from someone you know but just doesn’t feel right, contact that person using a different communication method. If, for example, the unusual request comes via email, call the person on the phone. Use the IEEE online roster for contact information.
If you receive a call or an email or text message requesting that you take an action—even if appears to be consistent with the responsibilities of your IEEE leadership role—but you are unsure if it is legitimate, notify your supporting IEEE business unit. Contact and support information can be found here.
Gilberto Santiago is senior director of IEEE’s security and network management, in Piscataway, N.J. Jonathan Wiggins is senior intellectual property attorney and chief privacy officer in the IEEE Legal and Compliance Department.