While the Michigan Attorney General’s office is sounding the alarm about scams connected to online shopping and COVID-19, CMF staff identified an email threat within our own network.

CMF was alerted to two situations where nonprofit board treasurers received emails disguised as if they were sent by the board chairs, asking for specific financial information. Both situations took place last week involving CMF board members and staff who serve in a treasurer role on an outside board.

CMF’s technology team investigated the issue and determined these were very targeted and customized email attacks.

The suspicious messages included:

• Claims about unpaid invoices.

• Requests for banking information.

• Real email signatures of the individuals the scammer was portraying.

In both situations, the individuals who were contacted did not have any of the information the scammer was seeking, and due to the suspicious nature of the emails, immediately alerted CMF’s technology team.

CMF is working closely with our state and national partners in monitoring this issue. At this time, we have not received any information to indicate this is a widespread attack. 

How can you protect yourself?

• Be suspicious of any emails asking for credit card or banking information.

• Verify the sender’s email address. Many hacking attempts use a similar email with typos or may use a “president@....” or foundationname@gmail.com in an attempt to appear credible.

• Do not respond to unexpected requests or transactions. If you have a question or concern call the individual at their known phone number. Do not call the phone number listed in the email.

CMF is Here to Support You

If you have questions or concerns about an email you receive or need any additional resources, we encourage you to connect with Bill Corkill, senior vice president for IT and membership systems. We also encourage you to forward any emails related to an attempted phishing attack, fraud or any other suspicious emails to cmfsupport@michiganfoundations.org so that we may track and monitor these messages. We will use this data to continue informing our community of philanthropy about new threats or attempts taking place across our field.