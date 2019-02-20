Would you help in paying a Merchant and get reimbursed by [name of the board's financial chair]? [He] not available today due to health reasons, But promised a swift reimbursement before Friday. It's imperative and it's $6,980. I was able to sent out $4000 from my daily savings limit. Get back to me if you can send the remaining $2,980 via Zelle & CashApp. It concerns our YALSA's 2020 Young Adult Services Symposium.

[...]She ignored the message until another member of the committee reached out to her after responding to an identical message. The "assignment" turned out to be a textbook payment scam, and it came from a new email address—"presidentnewboxmailme [at]gmail.com":

Yesterday, the former outgoing chair of the Young Adult Library Services Association's [(YALSA)] Alex Awards Committee (and my wife) Paula Gallagher got a very odd email that purported to be from a colleague within her library system who is a member of YALSA's board. The email asked, "Are you available to complete an assignment on behalf of the Board, And get reimbursed? Kindly advise."

Here's a clue for would-be Internet financial scammers: do not target librarians. They will catch on fast, and you will have wasted your time.

[...]Knowing that Paula worked with the purported sender of the message, the recipient forwarded the message to her and asked, "Seems sketchy... has he been hacked?" Soon, others chimed in on a group chat that they had received similar suspicious messages.

No one fell for the phish.

[...]This attack—targeting members of a non-profit association—is just the latest wrinkle in that trend, borrowing the tactics, if not the precision, of big-dollar targeted attacks against corporations.

[...]associations and other non-profit organizations—which may have both somewhat less money and somewhat less in the way of centralized IT—are now apparently being targeted because of their nature. They have very public websites as part of their mission outreach, filled with the names and email addresses of people willing to do many things for the organization's mission—including reaching for their own wallets.

[...]Until Zelle, CashApp, and other peer-to-peer payment providers offer a way to help spot fraudulent accounts, they'll continue to be a popular target.

If you need more tips on spotting these kinds of scams... just ask a librarian.