Treasurers and Associations need to be aware of this scam as it was attempted on me over the Thanksgiving day holiday

Tim, thank you for posting this. What scoundrels.

As I said, it was not from the presidents account (and they confirmed that comcast deleted the account they had years before).

I agree that it was definitely targeted.
First names (vs. first and last) were used.
A plausible response was provided for the initial questions asked.

I'm glad I was aware enough to ask questions.

The fact that they wanted a wire transfer or money gram indicates (to me) that it likely came from overseas.

There wouldn't. It would require approval of the Board.

I will note that when I thought this was a legit email, after a few hours of no response, I sent the following to all Officers, Directors and Committee Chairs:

All,

Based on a question I received, I thought it would be good to go over the Associations process of expending funds, vetting vendors and awarding contracts.

No Officer, Director or Committee member has authority to enter into a contract with any vendor unless the Board, by majority vote held at a properly noticed open meeting, specifically grants such authority.

The only exception is normal administrative items (postage, printing, office supplies, etc.) for Association use which the individual purchases with their own funds and provides a receipt for reimbursement.

Projects, tree removals/pruning, replacement equipment, repairs, non-administrative supplies, etc, requested or initiated by Association members, a Committee, Officer or Director are first proposed to the entire board at a properly noticed open meeting.

Once discussed, the Board will authorize an Officer or Committee Chair to solicit bids from companies identified by the board or the Board will simply utilize any bids brought forward with the proposal to make informed decisions when awarding contracts.

Decisions to award contracts to specific vendors are done, after discussion and review of bids/finances, by a majority vote of the board held at a properly noticed open meeting. In urgent or emergency situations, contracts are awarded by Action without meetings (AWM). Per statute, any AWM requires unanimous approval and written documentation of such approval is to be attached to the minutes of the following open meeting.

An AWM request is sent to all Board members via email with a brief description, reason why and proposed action. See previous minutes for examples of AWMs.

As you know, this Association doesn't own a credit card or a debit card.
Payments are made by check after vendor invoices, or receipts for reimbursement, are received and submitted to the Treasurer.

If a vendor refuses to take a check, Directors, Officers and committee chairs have the option of utilizing their personal finances and submit receipts for reimbursement. Ideally, this information is known prior to the awarding of any contract.

This process is based on the language used within our governing documents and applicable statutes.

Make sure to report this to the BBB. They keep track of such issues. It may help someone who fell for this scam.

I would have questioned the way the request of payment was requested. That type of payment would be WAAAY out of the norm for our HOA. Red Flags would no doubt been raised. Good you caught it!

I guarantee that someone from some country has more information on you than you have. It is either stolen, hacked, sold or given away for free. I get all kind of garage emails, but always check the header if suspicious.

The BBB is run by businesses for businesses. If a complaint is made against a business that's a member of the local BBB then you might get a response. Your local BBB is not concerned that Mr. Oumuamua from Nigeria is trying to scam you through email.

Just so people are aware, Melissa is correct that the BBB does track scams and phishing.

See: https://www.bbb.org/scamtracker/us

If you want to report a scam or phishing to the BBB, see:

https://www.bbb.org/scamtracker/north-east-florida/ReportScam

So how do you know about the Nigerian Prince scam? It was because the BBB told the press so people would be aware... It's kind of their thing... Go figure or can you without flip-flops?

Melissa,

There are many companies that track internet rumors, scams and phishing.
The FTC is one of them (yes, you can forward scam or phishing or UCEs to the FTC directly).
To think that all of the information out there about scams, phishing, etc. is due to one company vs. another vs. a reporter actually receiving the scam/phishing/UCE directly, is unrealistic.

Its nice that the BBB tracks these things and make them available if your interested to look.
However, other companies do this as well (and in my opinion, do it better).

To find names of such companies, simply do an internet search on report phishing
or report spam

Setting the from address for an email is easy, anybody can use any From address they want. The bigger problem for the scammer is how to take control of an address that had previously been used by the president. They would most likely need to have a Comcast service account, find that the email address was available, and register for it with Comcast.

No. The Nigerian scammers have been known to the world at large for years. The BBB, if they had anything to say about it, was late to the party with their warnings and alerts. The BBB is run by businesses for businesses and not for anything or anybody else.