December 18, 2020 By David Bisson 3 min read

This holiday season, many people will turn to charities to give back. The last thing they want to do is give money to scammers instead of a cause they truly support. According to the FBI’s website, charity fraud rises during the holidays, when people choose to make end-of-year tax deductible gifts.

“Seasonal charity scams can pose greater difficulties in monitoring because of its widespread reach, limited duration and, when done over the Internet, minimal oversight,” cites the FBI site.

Therefore, it‘s important to be careful and verify the group to which you’re giving to make sure it isn’t actually a charity scam. Let’s take a look at what people should look out for when they’re giving. See common scammer tactics and reputable tools to make sure your money reaches a trusted organization.

What’s Behind a Charity Scam?

The people behind a charity scam, as with other types of fraud, usually start by disguising what they’re doing. Some impersonate well-known charities, while others make up a name of their own. Often, they follow the news and create scams around natural disasters, such as floods, hurricanes or wildfires. But, they are also known to prey upon supporters of evergreen causes.

Phishing emails are often part of the charity scam. They attempt to trick the recipient into handing over their banking information for the purpose of making a donation. The trick might lead them to a page designed to harvest their payment card credentials. Some attackers take this a step further by sending out spear-phishing emails that specifically target users based on what’s important to them. To glean this information, scammers conduct Open Source Intelligence (OSINT) by reviewing what users post about on social media and other public websites. They then use what they find to keep the scam going. From here, they can craft an email that asks the user to contribute to a relevant cause. Or, they can send a thank you email for a donation they didn’t make as a means of guilt-tripping the target into giving more.

How to Spot a Charity Scam

Charity scam solicitations will likely come through emails, cold calls, crowdfunding sites and even fake social media accounts and websites. The Federal Trade Commission indicates the best way to avoid being a victim of a fraudulent scam is by doing your homework.

Do Your Research

Research and planning can help minimize your chances of falling for a charity scam.

1. Search an organization’s name along with the keyword ‘complaint’ or ‘scam.’

2. Review the results for signs of red flags.

3. Look up consumer reviews from those who’ve given to the charity in the past. Use to look up their state’s charity official’s opinion, or use trusted tools, such as the BBB Wise Giving Alliance or the GuideStar Charity Check. If you don’t come across anything immediately suspicious, visit the website and review the information there.

4. Search for specific information about how the organization uses people’s donations. How much of the money goes to the cause? How do they accept contributions?

Assess Payment Options

A charity should never ask you to pay using a bank account. Do not submit any payment to a charity that is asking for money in the form of cash or gift card. The safest form of payment is a credit card. Additionally, before clicking on a link to donate online, make sure you know who is receiving your donation.

It’s also good to keep a record or receipts of any donations. Review your banking statements to make sure you’re only charged the amount you agreed to donate. And, check whether the person included in the signature line has any identifiable credentials.

Know Scammer Tricks

The FTC notes that scammers have tell-tale tricks that can raise red flags. A few are:

  • Changing caller ID to make it look like they are calling from a local area code.
  • Using names that sound similar to the names of real charities. 
  • Guaranteeing sweepstakes winnings in exchange for donations.
  • Claiming your donation is tax-deductible when it is not.

Additionally, if you feel any sense of guilt or urgency in a charity language, avoid making a donation. That doesn’t mean you shouldn’t give to groups you’re sure aren’t a charity scam. Seek ones you’d like to support instead of waiting for them to come to you.

A Happy and Safe Giving Season

The holidays are a perfect time for users to spread some cheer and donate to a cause that they support. By following these tips, you won’t just prevent the charity scam from stealing their personal or financial information. They will also make sure their donations end up in the hands of those who need it.

More from Fraud Protection

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

Remote access detection in 2023: Unmasking invisible fraud

3 min read - In the ever-evolving fraud landscape, fraudsters have shifted their tactics from using third-party devices to on-device fraud. Now, users face the rising threat of fraud involving remote access tools (RATs), while banks and fraud detection vendors struggle with new challenges in detecting this invisible threat. Let’s examine the modus operandi of fraudsters, prevalence rates across different regions, classic detection methods and Trusteer’s innovative approach to RAT detection through behavioral analysis. A rising threat As Fraud detection methods become more and…

Gozi strikes again, targeting banks, cryptocurrency and more

3 min read - In the world of cybercrime, malware plays a prominent role. One such malware, Gozi, emerged in 2006 as Gozi CRM, also known as CRM or Papras. Initially offered as a crime-as-a-service (CaaS) platform called 76Service, Gozi quickly gained notoriety for its advanced capabilities. Over time, Gozi underwent a significant transformation and became associated with other malware strains, such as Ursnif (Snifula) and Vawtrak/Neverquest. Now, in a recent campaign, Gozi has set its sights on banks, financial services and cryptocurrency platforms,…

The rise of malicious Chrome extensions targeting Latin America

9 min read - This post was made possible through the research contributions provided by Amir Gendler and Michael  Gal. In its latest research, IBM Security Lab has observed a noticeable increase in campaigns related to malicious Chrome extensions, targeting  Latin America with a focus on financial institutions, booking sites, and instant messaging. This trend is particularly concerning considering Chrome is one of the most widely used web browsers globally, with a market share of over 80% using the Chromium engine. As such, malicious…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today