On October 29, many received an email from Christopher Oechsli, president of Atlantic Philanthropies, saying the New York foundation was planning on randomly giving away $1 million. The email stated that recipients should consider themselves to be “lucky individuals.”
Unfortunately for these email recipients, the foundation, which announced plans to stop its operations by 2020, was not just blindly getting rid of its assets. Instead, the foundation was the victim of an email phishing attack, which uses well-known names to trick email recipients into providing personal information such as their social security or bank account numbers. The foundation has been attacked seven times in the past 18 months.
Luckily the foundation was tipped off by some email recipients who contacted the foundation to ask whether the emails were legitimate. The foundation immediately posted a warning on its website regarding the fake emails. The foundation also asked recipients of the phishing emails to report them.
The Anti-Phishing Working Group, a worldwide coalition that aims to unify the global response to cybercrime, reports that 6,271 phishing attacks in the first half of 2014 targeted the “.org” Internet domain name used by nonprofits. World Vision, a nonprofit organization dedicated to tackling the causes of poverty and injustice, has been a consistent victim of phishing attacks. The organization has been attacked at least monthly with attacks spiking during high-profile disasters. The emails have varied, including offering employment or soliciting donations. World Vision recommends that potential donors type the organization’s URL into their web browser to ensure that donations end up in the right place.
Has your organization been the victim of a phishing attack? If so, share with us how it occurred and what steps were taken to combat future phishing attacks.