There has been an increase in the frequency and persistence of cybersecurity threats and phishing scams targeting IEEE and many other organizations around the world.
As a not-for-profit organization, information about our IEEE volunteers and staff is often readily and legitimately available online and may be accessible to anyone with access to modern search engines. Would-be scammers often use spoofed email addresses and sometimes compromised email accounts that will often appear as a legitimate email coming from someone known to the recipient. Information from public social media postings and other sources often provides additional material of aid to bad actors.
As some of you may be aware, there has recently been a campaign of scam emails and phone calls targeting Region 10 volunteers, soliciting funding transfers in the name of IEEE leadership. There is no indication that any IEEE volunteer fell victim to the fraudulent requests.
Several recipients of the scam reached out to local IEEE leaders and to IEEE staff to verify the false nature of the emails and phone calls. I applaud these volunteers for their skepticism. Seeking confirmation of the legitimacy of inappropriate messages and being alert to the likelihood that these messages were fraudulent is exactly the right thing to do.
There are several actions we can take to help spot and respond to key cybersecurity events and reduce the risks to IEEE. Attached are two brochures that provide tips on protecting yourself and IEEE from phishing and other financial email scams. Please share this information with other volunteers you work with.
Please feel free to contact the IEEE IT security team at firstname.lastname@example.org if you have any question, concerns, or need help with this topic.
I encourage all of you to maintain continued vigilance.
With Best Regards,