What do you think are some of the biggest causes for charity? Natural disaster relief, terrorist attack relief, world hunger, health care funding, and suicide prevention are just a few of the biggest subjects for charities. Unfortunately, these are also some of the largest areas for charity fraud. Since the beginning of COVID-19, cybersecurity firm “DomainTools” has flagged more than 100,000 sites with COVID-19-related domains as “high risk” for fraud. Keeping this in mind, it’s important for us to understand what charity fraud is. We also need to know why and how it happens, and how we can avoid and detect fraudulent charities.
What is Charity Fraud
Charity fraud can be described as using deception to receive money from people who believe they are supporting useful charities. An Fbi.gov article states that, “while these scams can happen at any time, they are especially prevalent after high-profile disasters. Criminals often use tragedies to exploit you and others who want to help.” From the eye of an attacker, people are more vulnerable and likely to give money during tragedies and times of crisis.
Scammers in any field love to play with your emotions to get their desired result. This is especially true for charity fraud. Imagine this: You just scrolled past at least 5 posts on Instagram about the terrible fires, floods, and hurricanes happening in areas where you have friends and family. All you can think about are the lives that have been lost and the houses that have been destroyed. The next post you see is an ad that reads, “Disaster relief funding for those in need. Every dollar you donate goes to a family without a home.” Empathy and sadness are very powerful emotions that could easily lead you to donating without checking your sources.
Charity Fraud Scam Vectors and Social Engineering Techniques
Scammers use a lot of tactical techniques to deceive and motivate you into donating as well. Some of these include phishing, vishing, social media, and crowdfunding platforms. Let’s look into detail on why these tactics may be used for charity scams.
Phishing
Phishing attacks are done over email and are one of the most popular vectors for scammers and cyber criminals. During the 2018 Camp and Woosley fires in California, attackers took the opportunity to target businesses. They would send emails posing as a company’s CEO to employees instructions to buy gift cards to help clients who were fire victims. The scammers used the tactic of urgency and authority over the targeted employee, and since they were posing as CEO’s, employees were more likely to comply without question.
Social Media
A statistic from July, 2021 shows that over 4.48 billion people use social media worldwide. Considering how many people from almost every part of the world are using social media, it makes sense why scammers would have so much success in fraudulent charities. For example, there is a popular scam going around on Facebook where “friends” will message you claiming to be raising money for a charity or organization in need because of the COVID-19 pandemic. They’ll try to convince you to donate via link to a faux charity website or through gift cards. Since these messages are coming from supposed friends and familiar profiles, you’re more likely to trust them.
Crowdfunding Platforms
Back in 2017, there was a viral story about a homeless veteran who gave all his money to a woman on the side of the road with no gas. Once she got home, her boyfriend posted about the story and started a GoFundMe to raise money for the homeless man. This campaign was so successful it raised over $400,000 and was featured on Good Morning America. Unfortunately, in 2020, the couple pleaded guilty to wire fraud, money laundering, and more. In short, the campaign was a scam. What made this scam successful? First, feeling compassion for the homeless man. Second, trusting in a believable and detailed story. And third, social proof, from the story becoming viral were all keys to this successful scam.
Vishing
What about phone scams? I’m sure we’ve all gotten the “we’re calling about your car’s extended warranty” or even “The IRS needs your SSN to confirm your identity.” But what about phone scams involving charities? In March 2021, the FTC ended a vishing scam that stole over $110 million from citizens who thought they were giving to charities. The FTC states that, “Defendants duped Americans into donating tens of millions of dollars to nonprofit organizations that they claimed helped breast cancer patients, the families of children with cancer, homeless veterans, fire victims, and more. – In reality, almost no money went to charitable purposes described to donors.” At least 90% of these calls involved pre-recorded messages. The operators would listen in and select specific audio clips to play in response to people’s questions.
Protect Yourself from Charity Fraud and Give Wisely
While this may seem scary or overwhelming to think about, there are ways we can protect ourselves from charity fraud and detect red flags.
Red Flags:
- Pressure to donate immediately. Many charity scams will pressure you or use a sense of urgency to get your money as fast as possible with little time to think. A legitimate charity will not pressure you to donate and will welcome whatever donation you choose to make.
- Only accepting payment by gift cards, cash, or wire transfer. Scammers love these payment methods because the money can be difficult or even impossible to trace.
- Be aware of organizations with copycat/similar names to well-known organizations, especially new organizations that pop up during high-profile disasters.
What You Can Do:
- Always do your research and search for reputable organizations. The FTC suggests searching for a charity’s name or a cause you want to support with terms such as “highly rated charity,” “complaints” and “scam.”
- Don’t give personal and financial information like your SSN, date of birth, or bank account number to anyone asking for a donation. Scammers use that data to steal your money and identity.
- Never click on or open links from people you don’t know. Fraudulent links can steal your information and release malware onto your device.
- Use websites like CharityNavigator.org to check the validity and reputation of a charity before donating or giving out any information.
In summary, always check your sources, and do your own research. It’s equally important to never click on unknown links. In addition, don’t send money to any “organization” you don’t know using gift cards or wire transfers. And finally, be sure to check out our numerous blogs and newsletters about scams, online safety, and other topics such as these on social-engineer.org
Sources
https://www.domaintools.com/
https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/charity-and-disaster-fraud
https://www.social-engineer.org/framework/attack-vectors/phishing-attacks-2/
https://www.social-engineer.org/framework/attack-vectors/vishing/
https://www.agari.com/email-security-blog/hostile-landscape-of-email-threats-leverages-california-wildfire-tragedy/
https://www.bbb.org/article/news-releases/22110-bbb-scam-alert-dont-be-fooled-into-thinking-thats-your-friend-on-facebook
https://www.charitynavigator.org/?c_src=WPAIDSEARCH&gclid=EAIaIQobChMIuPP5jo718gIVFtdMAh0gPAVUEAAYASAAEgJOBPD_BwE