Donating to Charity Online

International Charity Fraud Awareness Week


This week, October 19th through October 23rd, is the third annual International Charity Fraud Awareness Week (ICFAW). The ICFAW is led by an international coalition of over 40 charities, regulators, sector and professional representative bodies, and other interested stakeholders. The goal of this week is to raise awareness of, and to share good practices for, tackling fraud and cybercrime among non-profit organizations.

In support of this important initiative, the HBK Non-Profit Solutions group and HBK Risk Advisory Services is teaming up to provide the following information. We encourage everyone to learn more about ICFAW here:

If you are a charitable donor:

  1. Make sure that a charitable organization is legitimate before donating.

    Charitable scams are incredibly common, especially as we move into the holiday season. Before you decide to write a big check in support of a charity, make sure you check that the organization is legitimate on the IRS website ( GuideStar ( is also a great resource to research whether or not a charitable organization is worthy of your support. Often, its best to research the organization on both platforms to ensure information is accurate.

    Other great resources to vet the organization include your state’s registry of non-profits and the Better Business Bureau.

  2. Watch for suspicious e-mails, text messages, and phone calls.

    Social engineering threats, such as phishing e-mails and fraudulent advertisements, continue to increase at alarming rates due in part to COVID-19. As a general best practice, avoid clicking links received via email and text. If you find a message or organization of particular interest, its often best to access their webpage via an internet search or typing their URL directly into the address bar of your browser—after ensuring they are legitimate, of course (Item #1). This extra step will reduce the risk of being misdirected to a fraudulent webpage. Remember, fraudsters often create exact replicas of common webpages making it difficult to spot the difference.

    To avoid falling for a fraudulent webpage, make sure you look at the domain name and web address populated in your browser. Does it match the intended organization? Are there any glaring errors or misspellings? Sometimes these may not be so apparent, so be careful. Simple tricks such as switching a lowercase “L” to a number “1” (l vs 1 –no, those are not the same character) may be the only difference between a legitimate page and a fraudulent one.

    If you are absolutely certain the email is trustworthy, take a second to hover over any URL’s contained in the body of the e-mail to ensure that it leads to a trusted website. Again, keeping an eye out for misspellings or swapped characters. However, avoiding the click will eliminate the need for vigilance at this stage.

    Lastly, we recommend similar actions for voice calls. Rather than disclosing your billing information and contributing money over the phone, advise the representative that you will donate via webpage or mail in check. Securely navigate to the trusted website via search engine or known URL.

  3. Remain vigilant.

    Once you’ve made your contribution its important to remain vigilant. First, make sure you receive your donor acknowledgment letter in a timely manner. These should typically be received soon after your donation is processed and before the end of the year. Secondly, make sure your transaction is processed or check is cashed promptly. Slow processing could indicate your account information is being used for other things. Lastly, remember to review your account statements at least monthly. Daily monitoring of transactions is preferred where feasible.

If you are a charitable organization:

  1. Watch for suspicious e-mails, text messages, and phone calls

    Charities can be a treasure trove of donor information and financial records—information that is very attractive to fraudsters. As discussed above, avoid clicking links in emails and texts and be suspicious of unsolicited phone calls. If its too good to be true, it probably is. Always verify the source and do not be rushed into a decision.

  2. Stay educated.

    Maintaining an educated workforce is critical. Fraudsters are having an easier time given the recent pandemic as the workforce is largely working remotely. As such, cybersecurity awareness has never been more important. Consider undergoing awareness trainings to remain educated on the latest threats and how to avoid them.

  3. Establish and maintain processes and internal controls.

    Established processes and sound internal controls have always been critical, but prior to COVID-19, few organizations faced the task of migrating these processes and controls to remote work environments. COVID-19 and a new environment is no excuse to stray from these fundamental concepts. In fact, it’s more important than ever to ensure your processes and controls migrate to, if not strengthen, this new environment.

    It should be noted that cybersecurity insurance coverage may be lost if these controls do not remain implemented, so make sure you understand the requirements of your insurance policy. The dispersed and remote work force is introducing greater risks, and we are seeing a rise in malicious attacks. Your employees are also out of their routines and may find new ways to accomplish old tasks that could put the organization at risk. This increased risk coupled with a potential loss of coverage can be disastrous.

If you would like to discuss ways in which you can protect yourself, your organization, and/or your employees from fraud and cybercrime, please reach out to your HBK advisor.

For more information about Charity Fraud Awareness Week, visit the Fraud Advisory Panel website.

About the Author(s)

Amy Dalen, JD
Amy is a Principal and the Chair of the Tax Advisory Group at HBK CPAs & Consultants. The Tax Advisory Group is a group of highly specialized professionals who provide tax training to our team members, oversee compliance with tax policies in order to mitigate risk to the firm, and provide tax planning and consulting services for our clients.

Kathleen M. Clayton, CPA, PSA
Kathleen is a Principal in our Clark, New Jersey office. She has over 35 years of experience in providing auditing, accounting, tax and consulting services to privately held businesses and not-for-profit organizations. Kathleen specializes in preparing tax exempt status applications, consulting on charitable regulations and providing outsourced management and accounting services to numerous organizations, including membership organizations, public charities, private foundations, and special improvement districts. She routinely consults with organizations that receive federal and state funding.

Matthew J. Schiavone, CPA, CISSP, CISA
Matt is a Senior Manager in HBK’s Quality Control department and works primarily in the Pittsburgh, Pennsylvania office. He specializes in risk advisory services, system and organization control (SOC) reporting, internal controls, IT audit, information security, and cyber security for all types of industries.

Hill, Barth & King LLC has prepared this material for informational purposes only. Any tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or under any state or local tax law or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein. Please do not hesitate to contact us if you have any questions regarding the matter.