Americans contributed more than $471 billion to charity in 2020, according to the Giving USA Foundation’s annual report on U.S. philanthropy. That generosity supports many amazing organizations that put those billions of dollars to work for health care, education, environmental protection, the arts, and numerous other causes.
October 18th through October 22nd is the annual International Charity Fraud Awareness Week (ICFAW). The ICFAW is led by an international coalition of over 40 charities, regulators, sector and professional representative bodies, and other interested stakeholders. This week aims to raise awareness of and share good practices for tackling fraud and cybercrime among nonprofit organizations.
In support of this vital initiative, the HBK Nonprofit Solutions group and HBK Risk Advisory Services are teaming up to provide the following information. We encourage everyone to learn more about ICFAW.
If you are a charitable donor:
- Make sure that a charitable organization is legitimate before
Charitable scams are incredibly common, especially as we move into the holiday season. Scammers also follow the headlines: The coronavirus pandemic has brought a bevy of phony appeals to donate to victims or emergency response efforts. Before you decide to write a big check in support of a charity, make sure you check that the organization is legitimate on the IRS website. GuideStar is also a great resource to research whether or not a charitable organization is worthy of your support. Often, it is best to research the organization on both platforms to ensure information is accurate. Other great resources to vet the organization include your state’s registry of nonprofits and the Better Business Bureau.
- Watch for suspicious emails, text messages, and phone calls.
Social engineering threats, such as phishing emails and fraudulent advertisements, continue to increase at alarming rates due in part to COVID-19. As a general best practice, do not click on links in unsolicited emails or in Facebook or Twitter fundraising messages; they can unleash malware.
Do not donate by text without confirming the number on the charity’s official website.
Do not assume pleas for help on social media or on crowdfunding sites such as GoFundMe are legitimate, especially in the wake of disasters. Remember, fraudsters often create exact replicas of common web pages, making it difficult to spot the difference.
To avoid falling for a fraudulent webpage, make sure you look at the domain name and web address shown in your browser. Does it match the intended organization? Are there any glaring errors or misspellings? Sometimes these may not be so apparent, so be careful. Simple tricks such as switching a lowercase “L” to a number “1” (l vs. 1; no, those are not the same character) may be the only difference between a legitimate page and a fraudulent one.
If you are absolutely certain the email is trustworthy, take a second to hover over any URLs contained in the body of the email to ensure that each leads to a trusted website, again keeping an eye out for misspellings or swapped characters. However, avoiding the click will eliminate the need for vigilance at this stage.
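The domain and hover checks described above can be automated in a mail filter or a donor-facing tool. The following Python is an added example, not HBK's own code; the trusted domains, the character-swap table and the function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: domains the donor or organization has already verified.
TRUSTED = ("charity.example", "relief-fund.example")

# Assumed table of common character swaps, folded to a single form.
FOLD = str.maketrans({"1": "l", "i": "l", "0": "o", "5": "s"})

def host_of(url):
    """Host the browser would actually contact (userinfo before '@' is ignored)."""
    return (urlsplit(url).hostname or "").rstrip(".")

def skeleton(host):
    """Fold lookalike characters so 'char1ty' and 'charity' compare equal."""
    return host.translate(FOLD).replace("rn", "m").replace("vv", "w")

def classify(url):
    host = host_of(url)
    if not host:
        return "invalid"
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return "trusted"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "punycode"  # non-ASCII label: inspect by hand
    for good in TRUSTED:
        folded, target = skeleton(host), skeleton(good)
        if folded == target or folded.endswith("." + target):
            return "lookalike:" + good  # swapped characters
        if host.startswith(good + ".") or ("." + good + ".") in host:
            return "lookalike:" + good  # trusted name used as a subdomain elsewhere
    return "unknown"

def link_mismatch(shown_text, href):
    """True when the visible link text names one host but the href leads to another."""
    text = shown_text.strip()
    if " " in text or "." not in text:
        return False  # plain wording such as "Donate now" names no host
    shown = host_of(text if "//" in text else "//" + text)
    return bool(shown) and shown != host_of(href)

if __name__ == "__main__":
    # Constructed sample links
    for url in ("https://www.charity.example/donate", "https://char1ty.example/donate",
                "https://charity.example.donate-now.example/"):
        print(classify(url), url)
```

An "unknown" verdict only means the domain is not on the allowlist; it still needs the registry checks described earlier before any donation is made.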
Lastly, we recommend similar actions for voice calls. Rather than disclosing your billing information and contributing money over the phone, advise the representative that you will donate via webpage or mail-in check. Securely navigate to the trusted website via a search engine or known URL.
- Remain vigilant.
Once you have made your contribution, it is essential to remain vigilant. First, make sure you receive your donor acknowledgment letter in a timely manner. These should typically be received soon after your donation is processed and before the end of the year. Secondly, make sure your transaction is processed, or your check is cashed, promptly. Slow processing could indicate your account information is being used for other things.
Keep a record of your donations and regularly review your credit card account to ensure you were not charged more than you agreed to give or unknowingly signed up for a recurring donation.
Do not make a donation with cash or by gift card or wire transfer. Credit cards and checks are safer.
If you are a charitable organization:
- Watch for suspicious emails, text messages, and
Charities can be a treasure trove of donor information and financial records—information that is very attractive to fraudsters. As discussed above, avoid clicking links in emails and texts and be suspicious of unsolicited phone calls. If it is too good to be true, it probably is. Always verify the source and do not be rushed into a decision.
- Stay educated.
Maintaining an educated workforce is critical. Fraudsters are having an easier time given the recent pandemic, as the workforce is largely working remotely. As such, cybersecurity awareness has never been more important. Consider undergoing awareness training to remain educated on the latest threats and how to avoid them.
- Establish and maintain processes and internal
Established processes and sound internal controls have always been critical, but prior to COVID-19, few organizations faced the task of migrating these processes and controls to remote work environments. COVID-19 and a new environment are no excuse to stray from these fundamental concepts. In fact, it is more important than ever to ensure your processes and controls migrate to, if not strengthen, this new environment.
It should be noted that cybersecurity insurance coverage may be lost if these controls do not remain implemented, so make sure you understand your insurance policy requirements. The dispersed and remote workforce is introducing greater risks, and we are seeing a rise in malicious attacks. Your employees are also out of their routines and may find new ways to accomplish old tasks that could put the organization at risk. This increased risk coupled with a potential loss of coverage can be disastrous.
If you would like to discuss ways in which you can protect yourself, your organization, and/or your employees from fraud and cybercrime, please reach out to your HBK advisor.