Charities can erode fraudsters’ financial gains this giving season by making the attack economically non-viable
All over the world, people use Giving Tuesday to donate and support the causes they care about the most. Although, people donate the year round, but Giving Tuesday is exceptional with people opening up their hearts and purse strings.
As charities around the world begin transitioning from cash and checks to accept online donations, and storing digital data, they are facing fraud in every manner possible. From social media to crowdfunding websites and national disasters, fraudsters are capitalizing every opportunity to steal the funds meant for a good cause. But, they are especially active on Giving Tuesday to exploit the goodwill of the people during the giving season. According to a report from Network for Good, 30% of giving to charities takes place during the period between Giving Tuesday and New Year’s eve. This makes the giving season most susceptible to charity fraud.
In 2017, Americans donated more than $410 billion to charities, says the annual report on US philanthropy released by the Giving USA Foundation. Fraudsters have found a multi-billion opportunity in scamming these charities for their own financial gain.
Fraudsters fake genuine charities by creating their lookalike websites. They scrape content from similar campaigns and change a few words here and there so it looks genuine and unique. But when it comes to account details where donors can send money, they are spoofed. Fraudsters faking as representatives of fake charities may send emails requesting for donations and follow it up with calls. They also use social engineering to play on the emotions of the people to coax them into donating in cash, immediately. And if people don’t want to donate, they are made to feel guilty how some critically ill kid might miss out on a much-needed treatment. Once people give in and donate, they get added to the ‘sucker list’ and are targeted in a number of other ways.
Fraudsters use push-payment techniques to encourage employees of a charity to transfer funds to an account which the fraudsters control. They impersonate a high-level executive—usually the finance director or CEO—to send out emails to the employees asking for immediate payment of attached invoices, only that the beneficiary accounts are those under fraudster control. A charity in the UK lost £13,000 after its CEO’s email ID was hacked and used to instruct the finance manager to release the funds.
Fraudsters use malware to attack a charity’s network to steal payment and account details of the donors, trustees, patrons, staff members, and even volunteers. Easy availability of tools and cheap labor are making it easier than ever for fraudsters to steal funds and data held by the charities, which they can easily sell off on the dark web or use them for identity fraud later. They also use ransomware to lock out the data and threaten exposing it to the external world unless they are paid ransom.
Inadequate fraud prevention
To add to the angst, most charities do not have adequate security measures in place to identify and block fraud. Many charities exchange data with marketing companies for their campaigns, which provides fraudsters with an attack surface to intercept the data and exploit it for their financial gain. Bigger charities are generally more aware of the data privacy and their vulnerability to attack. However, out of fear of damage to their reputation and future donation prospects, most fraud cases go unreported. Smaller charities, on the other hand, do not consider themselves vulnerable to fraud, and therefore may not be as proactive in preventing fraud.
Make fraud financially non-viable
Low security measures and relatively inadequate fraud-prevention mechanisms can make charities more vulnerable to malicious fraud attempts this giving season. To ensure their donors and data are safe, so they can continue to render their services efficiently, charities must adopt a long-term fraud-prevention approach that strikes at the financial viability of fraud and makes it non-viable. To learn more, schedule a demo now.