Online security isn’t something I usually write about, but it’s National Cyber Security Awareness Month, so ‘tis the season. And as the CEO of an online cause engagement platform that companies use to manage their employee volunteer and giving programs, including disaster relief efforts, security is an important issue I get asked about a lot.
The greatest scams accompany the times of greatest need, and natural disasters are a match made in heaven for fraudsters. Amidst the fog of chaos, when normal channels of communication are compromised, con artists take advantage of open hearts and wallets, steering well-intended donations to phony nonprofits.
We see this story play out during every national and international human crisis. In the aftermath of Hurricane Katrina, the American Red Cross asked the FBI to investigate at least 15 fake websites that were designed to look like legitimate Red Cross appeals for donations. Even before Katrina hit, internet fraud experts saw scammers registering dozens of websites with Katrina in their names. After Hurricane Sandy, one charity calling itself the Hurricane Sandy Relief Effort raised $600k for storm victims, but it was all actually a ploy to help a couple of con artists with their own credit card relief.
Charity scams are often quite sophisticated fundraising ideas, sometimes expertly imitating real nonprofits in ways that are tough to detect. And when someone falls for a fake charity, social media-savvy fraudsters can magnify the mistake by making that person’s friends aware of the donation, lulling them into trusting a nonprofit that their friend supports.
For companies that are encouraging their employees to donate to nonprofits and get involved in disaster relief efforts, either on their own or through company-sponsored campaigns, the question of security is critical. While company leaders are less likely to impulsively commit corporate dollars towards fly-by-night charities, individual employees are more vulnerable to predatory fraudsters who play on their emotions during tragedies.
No company wants to match donations to an employee’s chosen nonprofit only to find that the charity is a scam. And no company wants to worry that financial transactions flowing from its employees’ wallets are at risk, and that social media tools connected to their giving platform are unwittingly perpetuating a fraud.
As the next Hurricane Joaquin barrels up the coast, your company might find itself creating a disaster relief campaign to help with the aftermath. Whether you’re encouraging donations through a company-sponsored campaign with vetted nonprofits or not, this is a time when people tend to donate more than usual and may well be lured into the web of a fake charity. So it’s a good idea to disseminate the safety precautions advised by the Federal Trade Commission:
Avoid any charity or fundraiser that:
- Refuses to provide detailed information about its identity, mission, costs, and how the donation will be used.
- Won’t provide proof that a contribution is tax deductible.
- Uses a name that closely resembles that of a better-known, reputable organization.
- Thanks you for a pledge you don’t remember making.
- Uses high-pressure tactics like trying to get you to donate immediately, without giving you time to think about it and do your research.
- Asks for donations in cash or asks you to wire money.
- Offers to send a courier or overnight delivery service to collect the donation immediately.
- Guarantees sweepstakes winnings in exchange for a contribution. By law, you never have to give a donation to be eligible to win a sweepstakes.
Refer to this charity checklist to suss out the real deals from the fakers:
- Ask for detailed information about the charity, including name, address, and telephone number.
- Get the exact name of the organization and do some research. Searching the name of the organization online — especially with the word “complaint(s)” or “scam”— is one way to learn about its reputation.
- Call the charity. Find out if the organization is aware of the solicitation and has authorized the use of its name. The organization’s development staff should be able to help you.
- Find out if the charity or fundraiser must be registered in your state by contacting the National Association of State Charity Officials.
- Check if the charity is trustworthy by contacting the Better Business Bureau’s (BBB) Wise Giving Alliance, Charity Navigator, Charity Watch, or GuideStar.
- Ask if the caller is a paid fundraiser. If so, ask:
- The name of the charity they represent
- The percentage of your donation that will go to the charity
- How much will go to the actual cause to which you’re donating
- How much will go to the fundraiser
- Keep a record of your donations.
- Make an annual donation plan. That way, you can decide which causes to support and which reputable charities should receive your donations.
- Visit this Internal Revenue Service (IRS) webpage to find out which organizations are eligible to receive tax deductible contributions.
- Know the difference between “tax exempt” and “tax deductible.” Tax exempt means the organization doesn’t have to pay taxes. Tax deductible means you can deduct your contribution on your federal income tax return.
- Never send cash donations. For security and tax purposes, it’s best to pay by check — made payable to the charity — or by credit card.
- Never wire money to someone claiming to be a charity. Scammers often request donations to be wired because wiring money is like sending cash: once you send it, you can’t get it back.
- Do not provide your credit or check card number, bank account number or any personal information until you’ve thoroughly researched the charity.
- Be wary of charities that spring up too suddenly in response to current events and natural disasters. Even if they are legitimate, they probably don’t have the infrastructure to get the donations to the affected area or people.
- If a donation request comes from a group claiming to help your local community (for example, local police or firefighters), ask the local agency if they have heard of the group and are getting financial support.
- What about texting? If you text to donate, the charge will show up on your mobile phone bill. If you’ve asked your mobile phone provider to block premium text messages — texts that cost extra — then you won’t be able to donate this way.
If an employee thinks he’s been the target of a scam, make sure to report it by filing a complaint with the Federal Trade Commission, which can help the agency detect patterns of wrongdoing and lead to investigations and prosecutions.
As you build and nourish a corporate culture of giving back, make sure you also cultivate company-wide education and awareness to keep your employees safe from charity scams.
Also on Forbes:
This article was written by Ryan Scott from Forbes and was legally licensed through the NewsCred publisher network.
Online Degrees & Certificates In Cybersecurity
American Military University's online cybersecurity programs integrate multiple disciplines to ensure you gain the critical skills and management practices needed to effectively lead cybersecurity missions – from government or private industry. Learn from the leader. American Military University is part of American Public University System, which has been designated by the National Security Agency and the Department of Homeland Security as a National Center of Academic Excellence in Cyber Defense Education.