Charity Fraud

Americans contributed more than $471 billion to charity in 2020, according to the Giving USA Foundation’s annual report on U.S. philanthropy. That generosity supports many amazing organizations that put those billions of dollars to work for health care, education, environmental protection, the arts, and numerous other causes.

October 18th through October 22nd is the annual International Charity Fraud Awareness Week (ICFAW). The ICFAW is led by an international coalition of over 40 charities, regulators, sector and professional representative bodies, and other interested stakeholders. This week aims to raise awareness of and share good practices for tackling fraud and cybercrime among nonprofit organizations.

In support of this vital initiative, the HBK Nonprofit Solutions group and HBK Risk Advisory Services are teaming up to provide the following information. We encourage everyone to learn more about ICFAW.

If you are a charitable donor:

  1. Make sure that a charitable organization is legitimate before donating.

    Charitable scams are incredibly common, especially as we move into the holiday season. Scammers also follow the headlines: The coronavirus pandemic has brought a bevy of phony appeals to donate to victims or emergency response efforts. Before you decide to write a big check in support of a charity, make sure you check that the organization is legitimate on the IRS website. GuideStar is also a great resource to research whether or not a charitable organization is worthy of your support. Often, it is best to research the organization on both platforms to ensure information is accurate. Other great resources to vet the organization include your state’s registry of nonprofits and the Better Business Bureau.

  2. Watch for suspicious emails, text messages, and phone calls.

    Social engineering threats, such as phishing emails and fraudulent advertisements, continue to increase at alarming rates due in part to COVID-19. As a general best practice, do not click on links in unsolicited emails, Facebook, or Twitter fundraising messages; they can unleash malware.

    Do not donate by text without confirming the number on the charity’s official website.

    Do not assume pleas for help on social media or on crowdfunding sites such as GoFundMe are legitimate, especially in the wake of disasters. Remember, fraudsters often create exact replicas of common web pages, making it difficult to spot the difference.

    To avoid falling for a fraudulent webpage, make sure you look at the domain name and web address populated in your browser. Does it match the intended organization? Are there any glaring errors or misspellings? Sometimes these may not be so apparent, so be careful. Simple tricks such as switching a lowercase “L” to a number “1” (l vs. 1 –no, those are not the same character) may be the only difference between a legitimate page and a fraudulent one.

    If you are absolutely certain the email is trustworthy, take a second to hover over any URLs contained in the body of the email to ensure that it leads to a trusted website. Again, keeping an eye out for misspellings or swapped characters. However, avoiding the click will eliminate the need for vigilance at this stage.

    Lastly, we recommend similar actions for voice calls. Rather than disclosing your billing information and contributing money over the phone, advise the representative that you will donate via webpage or mail-in check. Securely navigate to the trusted website via a search engine or known URL.

  3. Remain vigilant.

    Once you have made your contribution, it is essential to remain vigilant. First, make sure you receive your donor acknowledgment letter in a timely manner. These should typically be received soon after your donation is processed and before the end of the year. Secondly, make sure your transaction is processed, or check is cashed promptly. Slow processing could indicate your account information is being used for other things.

    Keep a record of your donations and regularly review your credit card account to ensure you were not charged more than you agreed to give or unknowingly signed up for a recurring donation.

    Do not make a donation with cash or by gift card or wire transfer. Credit cards and checks are safer.

If you are a charitable organization:

  1. Watch for suspicious emails, text messages, and phone calls.

    Charities can be a treasure trove of donor information and financial records—information that is very attractive to fraudsters. As discussed above, avoid clicking links in emails and texts and be suspicious of unsolicited phone calls. If it is too good to be true, it probably is. Always verify the source and do not be rushed into a decision.

  2. Stay educated.

    Maintaining an educated workforce is critical. Fraudsters are having an easier time given the recent pandemic, as the workforce is largely working remotely. As such, cybersecurity awareness has never been more important. Consider undergoing awareness training to remain educated on the latest threats and how to avoid them.

  3. Establish and maintain processes and internal controls.

    Established processes and sound internal controls have always been critical, but prior to COVID-19, few organizations faced the task of migrating these processes and controls to remote work environments. COVID-19 and a new environment is no excuse to stray from these fundamental concepts. In fact, it is more important than ever to ensure your processes and controls migrate to, if not strengthen, this new environment.

    It should be noted that cybersecurity insurance coverage may be lost if these controls do not remain implemented, so make sure you understand your insurance policy requirements. The dispersed and remote workforce is introducing greater risks, and we are seeing a rise in malicious attacks. Your employees are also out of their routines and may find new ways to accomplish old tasks that could put the organization at risk. This increased risk coupled with a potential loss of coverage can be disastrous.

    If you would like to discuss ways in which you can protect yourself, your organization, and/or your employees from fraud and cybercrime, please reach out to your HBK advisor.

Read the full Fall issue of Insights, the HBK Nonprofit Solutions quarterly newsletter.

About the Author(s)

Kathleen has over 35 years of experience providing auditing, accounting, tax and consulting services to privately held businesses and not-for-profit organizations. She specializes in preparing tax-exempt status applications, consulting on charitable regulations, and providing outsourced management and accounting services. She routinely consults with organizations that receive federal and state funding. Kathleen as worked with a wide variety of nonprofit organizations, including membership organizations, public charities, private foundations, and special improvement districts. She frequently addresses conferences and meetings, and business and governmental organizations on nonprofit-related issues. Her community service includes positions on several boards, including currently as vice-chair of the Union County Education Services Foundation and previously the Two Hundred Club of Union County and the United Way of Union County.

Matthew has 13 years of extensive internal control experience in information technology and the financial reporting processes. He leads HBK’s Risk Advisory Services where he assists clients with System and Organization (SOC) 1 and SOC 2 readiness assessment and examination. Additionally, he helps clients assess the design, implementation, and effectiveness of cybersecurity controls and their ability to achieve industry best practices and security frameworks such as ISO 27001. His client base includes Software-as-a-Service organizations, cybersecurity and incident response service organizations, and service organizations supporting the healthcare and financial services industries. Matthew joined HBK in early 2017 after spending four years working for Kearney and Company in Washington, DC, as a consultant to the Department of Defense. For more information contact Matthew at (724) 934-5300; or by email at

Hill, Barth & King LLC has prepared this material for informational purposes only. Any tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or under any state or local tax law or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein. Please do not hesitate to contact us if you have any questions regarding the matter.