"Scammed San Francisco Nonprofit Falls Victim to Costliest Type of Cybercrime”
In April 2022, thieves hacked the email account of the nonprofit's bookkeeper, then inserted themselves into a long email thread, sent messages asking to change the wire payment instructions for a grant recipient, and made off with $650,000.
Source: https://www.cbsnews.com/sanfrancisco/news/scammed-san-francisco-nonprofit-falls-victim-to-costliest-type-of-cybercrime/

It can and does happen to organizations like yours

Nonprofit organizations often believe they are not an active target for cybercriminals. This is a misconception that can lead to a devastating outcome. With an extensive list of initiatives, limited resources, and employee turnover, security planning can be overlooked for too long.

Protecting your organization should be a top priority and, with our help, educating your employees about cybersecurity doesn’t have to be intimidating. Start by following the 5 Es of cybersecurity below.


  • Understand every step of your business process
    • Determine where there may be risks, and develop controls to mitigate them
  • Create procedures that are well-defined, repeatable, and testable 
    • Include testing of the controls


  • Follow your tested procedures
    • Do not deviate unless there is a valid reason; deviations should have secondary review and the nature and reason documented
  • Consider rewriting your procedures if there are frequent deviations


  • Understand current and emerging threats including malware, phishing, social engineering, etc. and best practices to protect against them 
  • Train employees to recognize red flags within emails and text messages, and understand the escalation process in the event one appears


  • Give your employees the ability to question when something doesn’t seem right (e.g., when an employee suddenly begins receiving emails from the CEO)
  • Make it convenient and comfortable for employees to speak up when they have questions

Evolve and Enhance

  • Be mindful of the consistently changing threat landscape
    • Criminals are evolving to elude security efforts too
  • Monitor and modify your procedures to align against the changing threat environment as often as possible
  • Review, test and modify procedures and continuity plans on a predetermined schedule – do not deviate from the schedule

Ready to Help

PNC Institutional Asset Management® assists nonprofits in understanding the identification of red flags and communicating cyber hygiene best practices. If your organization would like assistance, please reach out to your PNC Representative or submit this Contact Us Form.