This week, the AGCRA National Executive Council (NEC) saw an uptick in phishing attacks. The first hacker pretended to be the NEC Treasurer and requested money from other NEC members.
Additionally, there is an Event Brite phishing email being launched stating the hacker is, "unable to authorize ticket purchases for any upcoming events at this time" because of missing account information. The phishing email also requests you click a malice link to update account information.
AGCRA, as a nonprofit IRS-sanctioned organization, files publicly accessible reports with the IRS. Our practice has also been to post NEC and Chapter Officers on Association webpages within AGCRA.com. Since we have Association Officers posted on our website, it's not difficult for a hacker to determine who is who within each part of AGCRA and how to build a phishing email.
The first sign of a phishing attempt is to check the sender's email address. The next sign is to be suspicious of any requests for money or sensitive information.
The AGCRA NEC requests all Association members to do the following regarding phishing prevention and safety:
* Until you can validate the request, refrain from responding to email requests for money or sensitive information from AGCRA leaders or from what may appear to be legitimate companies or organizations.
* Always check and verify email addresses when conducting AGCRA business.
* If you have questions or suspect a phishing attempt, contact Association officials by other means (e.g., two-factor authentication, phone call, validated text message, Slack app message, etc.).
* Report phishing attempts to Tech@agcra.com and SeniorVP@agcra.com.
* Additionally, Chapters can create their own Chapter email accounts (via Gmail, Yahoo, Hotmail, etc.) rather than using a personal email account to help prevent successful phishing attempts.