Recently, multiple AGCRA Chapters experienced phishing attacks. The hacker pretended to be the Chapter President and requested money from Chapter members.
AGCRA, as a nonprofit IRS-sanctioned organization, files publicly accessible reports with the IRS. Our practice has been to post Chapter Officers on Chapter webpages within AGCRA.com. Since we have Chapter Officers posted on AGCRA.com, it's not difficult for a hacker to determine who is who within each Chapter and then build a phishing email.
The phishing attempts came from an email ending in @virginmedia.com, which does not belong to any of our Chapter Presidents. Additionally, to date our AGCRA IT Team has not seen any internal compromise of our website.
The AGCRA National Executive Council (NEC) wants all AGCRA members to do the following regarding phishing prevention and safety:
* Until you can validate the request, refrain from responding to email requests for money from AGCRA Chapter or NEC leaders.
* Always check and verify email addresses when conducting AGCRA business.
* If you have questions or suspect a phishing attempt, contact Association officials by other means (e.g., two-factor authentication, phone call, validated text message, Slack app message, etc.).
* Report phishing attempts to Tech@agcra.com and SeniorVP@agcra.com.
* Additionally, Chapters can create their own Chapter email accounts (via Gmail, Yahoo, Hotmail, etc.) rather than using a personal email account to help prevent phishing attempts.