December 18, 2020 By David Bisson 3 min read

This holiday season, many people will turn to charities to give back. The last thing they want to do is give money to scammers instead of a cause they truly support. According to the FBI’s website, charity fraud rises during the holidays, when people choose to make end-of-year tax deductible gifts.

“Seasonal charity scams can pose greater difficulties in monitoring because of its widespread reach, limited duration and, when done over the Internet, minimal oversight,” cites the FBI site.

Therefore, it‘s important to be careful and verify the group to which you’re giving to make sure it isn’t actually a charity scam. Let’s take a look at what people should look out for when they’re giving. See common scammer tactics and reputable tools to make sure your money reaches a trusted organization.

What’s Behind a Charity Scam?

The people behind a charity scam, as with other types of fraud, usually start by disguising what they’re doing. Some impersonate well-known charities, while others make up a name of their own. Often, they follow the news and create scams around natural disasters, such as floods, hurricanes or wildfires. But, they are also known to prey upon supporters of evergreen causes.

Phishing emails are often part of the charity scam. They attempt to trick the recipient into handing over their banking information for the purpose of making a donation. The trick might lead them to a page designed to harvest their payment card credentials. Some attackers take this a step further by sending out spear-phishing emails that specifically target users based on what’s important to them. To glean this information, scammers conduct Open Source Intelligence (OSINT) by reviewing what users post about on social media and other public websites. They then use what they find to keep the scam going. From here, they can craft an email that asks the user to contribute to a relevant cause. Or, they can send a thank you email for a donation they didn’t make as a means of guilt-tripping the target into giving more.

How to Spot a Charity Scam

Charity scam solicitations will likely come through emails, cold calls, crowdfunding sites and even fake social media accounts and websites. The Federal Trade Commission indicates the best way to avoid being a victim of a fraudulent scam is by doing your homework.

Do Your Research

Research and planning can help minimize your chances of falling for a charity scam.

1. Search an organization’s name along with the keyword ‘complaint’ or ‘scam.’

2. Review the results for signs of red flags.

3. Look up consumer reviews from those who’ve given to the charity in the past. Use nasconet.org to look up their state’s charity official’s opinion, or use trusted tools, such as the BBB Wise Giving Alliance or the GuideStar Charity Check. If you don’t come across anything immediately suspicious, visit the website and review the information there.

4. Search for specific information about how the organization uses people’s donations. How much of the money goes to the cause? How do they accept contributions?

Assess Payment Options

A charity should never ask you to pay using a bank account. Do not submit any payment to a charity that is asking for money in the form of cash or gift card. The safest form of payment is a credit card. Additionally, before clicking on a link to donate online, make sure you know who is receiving your donation.

It’s also good to keep a record or receipts of any donations. Review your banking statements to make sure you’re only charged the amount you agreed to donate. And, check whether the person included in the signature line has any identifiable credentials.

Know Scammer Tricks

The FTC notes that scammers have tell-tale tricks that can raise red flags. A few are:

  • Changing caller ID to make it look like they are calling from a local area code.
  • Using names that sound similar to the names of real charities. 
  • Guaranteeing sweepstakes winnings in exchange for donations.
  • Claiming your donation is tax-deductible when it is not.

Additionally, if you feel any sense of guilt or urgency in a charity language, avoid making a donation. That doesn’t mean you shouldn’t give to groups you’re sure aren’t a charity scam. Seek ones you’d like to support instead of waiting for them to come to you.

A Happy and Safe Giving Season

The holidays are a perfect time for users to spread some cheer and donate to a cause that they support. By following these tips, you won’t just prevent the charity scam from stealing their personal or financial information. They will also make sure their donations end up in the hands of those who need it.

More from Fraud Protection

What’s up India? PixPirate is back and spreading via WhatsApp

8 min read - This blog post is the continuation of a previous blog regarding PixPirate malware. If you haven’t read the initial post, please take a couple of minutes to get caught up before diving into this content. PixPirate malware consists of two components: a downloader application and a droppee application, and both are custom-made and operated by the same fraudster group. Although the traditional role of a downloader is to install the droppee on the victim device, with PixPirate, the downloader also…

Unveiling the latest banking trojan threats in LATAM

9 min read - This post was made possible through the research contributions of Amir Gendler.In our most recent research in the Latin American (LATAM) region, we at IBM Security Lab have observed a surge in campaigns linked with malicious Chrome extensions. These campaigns primarily target Latin America, with a particular emphasis on its financial institutions.In this blog post, we’ll shed light on the group responsible for disseminating this campaign. We’ll delve into the method of web injects and Man in the Browser, and…

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today