From time to time scammers attempt to take advantage of not-for-profits and religious organisations. We have recently become aware of an attempt to ‘hack’ into a church Officer’s email account. In this type of scam, known as ‘spear-phishing’ or ‘CEO scamming’, a bogus email was sent purporting to be from the church officer, with a request to make a payment. The CCFS banking platform is secure and certified by Australia’s banking regulator (APRA). This high level of security blocks scammers, who often redirect their attention to church Treasurers or accounts payable staff to elicit their co-operation.
Please be extra careful when processing payments via electronic funds transfer. Churches should review their internal control systems to ensure that payment requests are genuine and that the destination account number is correct. Here are some practical steps you can take to minimise this type of fraud:
- Check that the sender’s email address is correct. Often an email scammer will show a sender name that differs from the actual email address.
- Be sceptical about requests to transfer funds or data coming from a senior staff member’s email address. Seek verbal or face-to-face confirmation from the church officer requesting payment.
- Don’t use the reply function to an email you believe might not be legitimate – send a fresh one to avoid being routed to an alias address.
- Obtain invoices and associated paperwork before processing payment.
- Payments to new payees should have details verified. For example, call the payee by phone.
- As a further precaution, churches should ensure that individual email addresses are removed from their website. To minimise fraud, many churches use a contact form as an alternative.
Where possible, ensure email security is set up to guard against sender address forgery.
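The sender, reply-address and forgery checks above can also be run automatically on a saved payment-request email. The following is an added example, not part of the original notice; the address book `KNOWN_OFFICERS`, the function name, and all names, domains and header values are constructed placeholders, and it assumes the receiving mail server records its SPF/DKIM/DMARC verdicts in an `Authentication-Results` header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical address book: officer display name -> address on file.
KNOWN_OFFICERS = {"jane citizen": "jane.citizen@church.example"}

def check_payment_email(raw):
    """Return a list of warnings for one raw email message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    warnings = []
    # Display name claims a known officer, but the address is not the one on file.
    on_file = KNOWN_OFFICERS.get(name.strip().lower())
    if on_file and addr != on_file:
        warnings.append("sender-name-mismatch")
    # Display name itself contains an email address that is not the real sender.
    embedded = re.findall(r"[\w.+-]+@[\w.-]+", name)
    if any(e.lower() != addr for e in embedded):
        warnings.append("address-in-display-name")
    # Using "reply" would send the answer somewhere other than the visible sender.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_to and reply_to != addr:
        warnings.append("reply-to-differs")
    # Sender-forgery verdicts recorded by the receiving server, if any.
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for mech in ("spf", "dkim", "dmarc"):
        if re.search(rf"\b{mech}=(fail|softfail)\b", results):
            warnings.append(f"{mech}-not-passed")
    return warnings

# Constructed sample messages (not real emails).
SPOOFED = (
    'From: "Jane Citizen" <jane.citizen@church-mail.example>\n'
    "Reply-To: jane.citizen.church@freemail.example\n"
    "Subject: Urgent payment request\n"
    "Authentication-Results: mx.church.example; spf=softfail; dmarc=fail\n"
    "\nPlease pay the attached invoice today.\n"
)
GENUINE = (
    'From: "Jane Citizen" <jane.citizen@church.example>\n'
    "Subject: Roster\n"
    "Authentication-Results: mx.church.example; spf=pass; dkim=pass; dmarc=pass\n"
    "\nSee you Sunday.\n"
)

if __name__ == "__main__":
    print(check_payment_email(SPOOFED))
    print(check_payment_email(GENUINE))
```

An empty result only means none of these header checks fired; verbal confirmation of the payment request is still required.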
Please advise us of any unauthorised attempt to defraud your organisation via phone, email or the contact form on our website.