IEEE leaders—including society presidents, region treasurers, section chairs, and conference organizers—have been exposed to phishing attempts, according to IEEE’s IT security department. Hackers have tried to gain access to their group’s bank accounts and to volunteers’ user IDs and passwords.
Email that looks like it is from a legitimate source such as an @ieee.org address or one that might be familiar to the recipient could be from a hacker, according to Gil Santiago, senior director of IEEE’s security and network management, in Piscataway, N.J. The attacker, for example, might pose as another IEEE volunteer requesting funds to be transferred or seeking bank-account information with an email address that includes the volunteer’s name.
“Hackers find information about volunteers by researching organizations to understand their leadership structure,” Santiago says. “The attacker will use that information to gain your trust.”
Here are some tips on how to protect IEEE’s information.
- Become familiar with IEEE’s payment and financial processes.
If someone asks you via email to do something inconsistent with the processes, don’t.
- Beware of wire transfer requests.
This request is a common trick used to gain access to money. Phishers look at IEEE’s website or its social media accounts to find the name of a leader. In a message that looks like it came from that person, they then request an immediate wire transfer. One of the best ways to combat such an attack, Santiago says, is simply to call the actual person at IEEE whose name that email was sent under. But don’t use the contact information provided in the suspicious message.
- Pay close attention to the sender’s email address.
Always verify email that comes from questionable domains. It is common for a phisher to set up a fake domain with a similar-looking name and then send email from that account. IEEE does business around the world, so there’s always the possibility you could receive messages from anywhere, but take care in opening those from unfamiliar domains. Although there’s a chance the communication is legitimate, it’s worth verifying.
- Be leery of requests for your password or personal information.
IEEE will never ask for your personal information or your password, or request that you change your password via an email link. To confirm if a similar request is real, contact the IEEE Support Center or call the IEEE Contact Center at +1 800 678 4333 (U.S. and Canada) or +1 732 981 0060 (worldwide).
- Share limited information on social media.
Do not share personally identifiable information or passwords on social media. Also consider not posting information about your whereabouts, such as travel to an IEEE event. Attackers can use that information to make their phishing attempts more credible.
- Trust your instincts.
If something does not feel right, take steps to confirm before acting, Santiago says. If you receive a phone call or email or text message requesting that you take an action—even if it is consistent with your IEEE leadership responsibilities—but you are unsure if the communication is legitimate, contact your IEEE business unit for verification.
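The tip about checking the sender's address can be partly automated before a message reaches a volunteer. The sketch below is an added example, not IEEE tooling: it sorts a From header into a trusted domain, a look-alike of it, or an unfamiliar domain. The trusted list (only ieee.org, the domain named above), the two-edit threshold, and the function names are assumptions, and the sample addresses in the comments are constructed.

```python
from email.utils import parseaddr

TRUSTED_DOMAINS = ("ieee.org",)  # assumption: the one domain named in the article
MAX_DISTANCE = 2                 # assumption: edits tolerated before "unfamiliar"


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_sender(from_header):
    """Return 'trusted-domain', 'lookalike', 'unfamiliar' or 'unparseable'."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable"
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    for trusted in TRUSTED_DOMAINS:
        # Exact match or a subdomain of the trusted domain.
        if domain == trusted or domain.endswith("." + trusted):
            # The From header can be forged, so a match is not proof of
            # authenticity; unusual requests still need a call-back.
            return "trusted-domain"
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]  # "ieee"
        # Near miss (e.g. ieee.orq) or brand embedded in another
        # domain (e.g. ieee-treasury.example): verify before acting.
        if edit_distance(domain, trusted) <= MAX_DISTANCE or brand in domain:
            return "lookalike"
    return "unfamiliar"
```

A "lookalike" or "unfamiliar" result is a prompt to verify through a known contact channel, not a verdict that the message is malicious.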