Don’t Let This Happen: Duped Into Issuing Online Payment
At Little League® International in Williamsport, Pa., and at our Regional Offices, calls and emails come in all year long about different situations that are happening at some of our 7,000 local leagues. Many of these calls and emails inform us of some very positive initiatives spearheaded by our millions of volunteers. However, there are also negative situations.
“Don’t Let This Happen to Your League” details a real-world scenario, how it has impacted a league, and how you might learn from it.
The names have been omitted in the following scenario, but the situation is real.
Situation
A local league Treasurer receives an email seemingly from the League President asking for her to pay for league equipment, baseballs, and softballs to the total of $6,300. The Treasurer acts on the request, and pays the balance through the website link provided in the League President’s email. At the next monthly meeting of the league’s Board of Directors, the Treasurer presents the monthly financial report, highlighting each outlay of funds, including the payment of $6,300. Not remembering authorization of a payment in that amount, the League President asks the Treasurer to provide the purchase order and receipt of payment, and has the Secretary check the minutes for approval. The Treasurer assumed the league’s Purchasing Agent still had the paperwork, and the Treasurer did not think to print the payment receipt before clicking to authorize the payment. After reviewing the minutes from their last meeting, the Secretary confirmed that is no record of the Board approving a purchase in that amount.
Outcome
After the meeting, the Treasurer printed out the email for the League President to see. She realized that even though the League President’s name was on the email, the email address did not match the League President’s email address. The League President and Treasurer came to the realization that the email was a “spam scam” created to specifically deceive and defraud. Intent on recouping the loss, the local league attempted to file a crime insurance claim with its insurance carrier. Unfortunately for the league, neither a crime or cyber liability insurance policy would cover such a claim, because the funds were paid out voluntarily by the league.
Solution
Cyber Liability Insurance underwriters referred to this circumstance as “Impersonation Fraud,” but note that it is NOT covered by cyber liability insurance. Little League International’s Risk Management and Finance Departments advise its local leagues to itemize all purchase orders, reconcile all purchases and provide receipts as part of the Treasurer’s monthly financial report to the Board of Directors, and not allow any online orders in excess of $200 to be paid without verbal confirmation by the Treasurer and League President. It is also imperative that anyone authorized to use and review the league’s email account must pay close attention to all email solicitations. Do not open any emails from companies or individuals that seem suspicious, or that the league has not identified as a legitimate vendor of goods and services. Be diligent to use search engines such as Google, Bing, or Yahoo to research companies and names that are identified in any suspicious emails.