Deborah Maklowski, CPSA President, sent us this letter requesting that we pass it on to our members. It is a little long, but it is important to read.
Dear chapter colleagues,
We have recently learned that a financial scam was directed against the board members of one of our CPSA district chapters. We want to make sure you are all aware and are on guard against any future scams of this kind. PLEASE SHARE THIS EMAIL WITH ALL YOUR CHAPTER MEMBERS. We have no way of knowing who will be the target of the next attempt.
In this case, we think the scammer was able to contact the chapter's board members directly because their personal email addresses were available from the chapter's website. The scammer -- who used this email: firstname.lastname@example.org -- sent an email to each board member pretending to be the chapter president. The board members were each instructed to purchase six $100 eBay or GooglePlay gift cards (claiming they were to be donated to a veterans' hospice), scratch the back of each card to access the PIN number, and then send the PIN numbers either to the scammer, by replying to the email he was using, or to another fake email -- email@example.com -- identified as "Veterans' Hospice Palliative Care" (but actually the scammer). Last, the board members were assured that the chapter president, whose signature ("FirstName LastName, President") was at the bottom of the email, would "be liable" for reimbursing the board members.
Next time it may be different amounts, different types of gift cards, a different charity identified as the recipient, or different emails to which the PIN numbers are to be sent, but the basic scam will be the same: someone you think you know, but probably using an email you've never seen before, will ask you to buy gift cards and send them the PIN numbers and will promise to pay you back.
How do you protect yourself? Here are a few rules.
1. Never buy gift cards just because someone else asks you to. Gift cards are the most frequently used currency for scams like this. And no one you actually know will ever ask you to send them the PIN numbers. Really.
2. Ask yourself whether this is something the chapter board or president ever discussed the chapter doing. Does it sound at all likely? If you're not sure, call the president directly and ask, before you do anything else. Your very best defense is a healthy skepticism.
3. Always check the sender's email. In this case, it's visible and an obvious fake. If it's not visible, roll your mouse over the link that is the sender's name and see what it says.
4. Never make your personal email addresses available on your chapter website. Use the official chapter email forwarder (firstname.lastname@example.org) that has been created for you. Or set up a "contact us" link that opens a secure page that people can use to reach the chapter. Corporate image director CJ Worlein (email@example.com) can help you with that.
5. And just as a general rule, never click on any links in suspicious or unsolicited emails. Never never never. No cute or funny video or photo is worth the anguish of the damage that malicious software can do to your computer. Again, when in doubt, check with the person who is the purported sender before you do anything else.
The bottom line: If someone's asking you to send them money, or anything that equals money (gift cards, PIN numbers, account numbers, Western Union transfers, MoneyGrams, etc.) ALWAYS assume it's a scam until you reach the real and actual person you think it is to confirm that the request is legitimate. Sad to say, it probably won't be. This is just the world we live in.
-- Deborah Maklowski, CPSA, CPX