Charity Fraud

Americans contributed more
than $471 billion to charity
in 2020, according to the Giving USA
Foundation’s annual report on U.S.
philanthropy. That generosity supports many
amazing organizations that put those billions
of dollars to work for health care, education,
environmental protection, the arts, and
numerous other causes.

October 18th through October 22nd is
the annual International Charity Fraud
Awareness Week (ICFAW). The ICFAW is
led by an international coalition of over 40
charities, regulators, sector and professional
representative bodies, and other interested
stakeholders. This week aims to raise
awareness of and share good practices
for tackling fraud and cybercrime among
nonprofit organizations.

In support of this vital initiative, the HBK
Nonprofit Solutions group and HBK Risk
Advisory Services are teaming up to provide
the following information. We encourage
everyone to learn more about ICFAW.

If you are a charitable donor:

1. 1. Make sure that a charitable
      organization is legitimate before
      donating.

      Charitable scams are incredibly common,
      especially as we move into the holiday
      season. Scammers also follow the headlines:
      The coronavirus pandemic has brought a
      bevy of phony appeals to donate to victims
      or emergency response efforts. Before
      you decide to write a big check in support
      of a charity, make sure you check that the
      organization is legitimate on the IRS website. GuideStar
      is also a great
      resource to research whether or not a charitable
      organization is worthy of your support. Often,
      it is best to research the organization on both
      platforms to ensure information is accurate.
      Other great resources to vet the organization include your state’s registry of nonprofits and
      the Better Business Bureau.

1. 1. Watch for suspicious emails, text
      messages, and phone calls.

      Social engineering threats, such as phishing
      emails and fraudulent advertisements,
      continue to increase at alarming rates due in
      part to COVID-19. As a general best practice,
      do not click on links in unsolicited emails,
      Facebook, or Twitter fundraising messages;
      they can unleash malware.

      Do not donate by text without confirming the
      number on the charity’s official website.

      Do not assume pleas for help on social media
      or on crowdfunding sites such as GoFundMe
      are legitimate, especially in the wake of
      disasters. Remember, fraudsters often create
      exact replicas of common web pages, making
      it difficult to spot the difference.

      To avoid falling for a fraudulent webpage, make
      sure you look at the domain name and web
      address populated in your browser. Does it
      match the intended organization? Are there any
      glaring errors or misspellings? Sometimes these
      may not be so apparent, so be careful. Simple
      tricks such as switching a lowercase “L” to a
      number “1” (l vs. 1 –no, those are not the same
      character) may be the only difference between
      a legitimate page and a fraudulent one.

      If you are absolutely certain the email is
      trustworthy, take a second to hover over any
      URLs contained in the body of the email to
      ensure that it leads to a trusted website. Again,
      keeping an eye out for misspellings or swapped
      characters. However, avoiding the click will
      eliminate the need for vigilance at this stage.

      Lastly, we recommend similar actions for
      voice calls. Rather than disclosing your billing
      information and contributing money over the
      phone, advise the representative that you will
      donate via webpage or mail-in check. Securely
      navigate to the trusted website via a search
      engine or known URL.

1. Remain vigilant.

   Once you have made your contribution, it is
   essential to remain vigilant. First, make sure
   you receive your donor acknowledgment letter
   in a timely manner. These should typically be received soon
   after your donation is processed and before the end of the year.
   Secondly, make sure your transaction is processed, or check is
   cashed promptly. Slow processing could indicate your account
   information is being used for other things.

   Keep a record of your donations and regularly review your
   credit card account to ensure you were not charged more
   than you agreed to give or unknowingly signed up for a
   recurring donation.

   Do not make a donation with cash or by gift card or wire transfer.
   Credit cards and checks are safer.

If you are a charitable organization:

1. 1. Watch for suspicious emails, text messages, and
      phone calls.

      Charities can be a treasure trove of donor information and
      financial records—information that is very attractive to
      fraudsters. As discussed above, avoid clicking links in emails
      and texts and be suspicious of unsolicited phone calls. If it is too
      good to be true, it probably is. Always verify the source and do
      not be rushed into a decision.

1. 1. Stay educated.

      Maintaining an educated workforce is critical. Fraudsters
      are having an easier time given the recent pandemic, as the
      workforce is largely working remotely. As such, cybersecurity
      awareness has never been more important. Consider
      undergoing awareness training to remain educated on the latest
      threats and how to avoid them.

1. Establish and maintain processes and internal
   controls.

   Established processes and sound internal controls have always
   been critical, but prior to COVID-19, few organizations faced the
   task of migrating these processes and controls to remote work
   environments. COVID-19 and a new environment is no excuse
   to stray from these fundamental concepts. In fact, it is more
   important than ever to ensure your processes and controls
   migrate to, if not strengthen, this new environment.

   It should be noted that cybersecurity insurance coverage may
   be lost if these controls do not remain implemented, so make
   sure you understand your insurance policy requirements. The
   dispersed and remote workforce is introducing greater risks, and
   we are seeing a rise in malicious attacks. Your employees are
   also out of their routines and may find new ways to accomplish
   old tasks that could put the organization at risk. This increased
   risk coupled with a potential loss of coverage can be disastrous.

   If you would like to discuss ways in which you can protect
   yourself, your organization, and/or your employees from fraud
   and cybercrime, please reach out to your HBK advisor.

Read the full Fall issue of Insights, the HBK Nonprofit Solutions quarterly newsletter.