December 18, 2020 By David Bisson 3 min read

This holiday season, many people will turn to charities to give back. The last thing they want to do is give money to scammers instead of a cause they truly support. According to the FBI’s website, charity fraud rises during the holidays, when people choose to make end-of-year tax deductible gifts.

“Seasonal charity scams can pose greater difficulties in monitoring because of its widespread reach, limited duration and, when done over the Internet, minimal oversight,” cites the FBI site.

Therefore, it‘s important to be careful and verify the group to which you’re giving to make sure it isn’t actually a charity scam. Let’s take a look at what people should look out for when they’re giving. See common scammer tactics and reputable tools to make sure your money reaches a trusted organization.

What’s Behind a Charity Scam?

The people behind a charity scam, as with other types of fraud, usually start by disguising what they’re doing. Some impersonate well-known charities, while others make up a name of their own. Often, they follow the news and create scams around natural disasters, such as floods, hurricanes or wildfires. But, they are also known to prey upon supporters of evergreen causes.

Phishing emails are often part of the charity scam. They attempt to trick the recipient into handing over their banking information for the purpose of making a donation. The trick might lead them to a page designed to harvest their payment card credentials. Some attackers take this a step further by sending out spear-phishing emails that specifically target users based on what’s important to them. To glean this information, scammers conduct Open Source Intelligence (OSINT) by reviewing what users post about on social media and other public websites. They then use what they find to keep the scam going. From here, they can craft an email that asks the user to contribute to a relevant cause. Or, they can send a thank you email for a donation they didn’t make as a means of guilt-tripping the target into giving more.

How to Spot a Charity Scam

Charity scam solicitations will likely come through emails, cold calls, crowdfunding sites and even fake social media accounts and websites. The Federal Trade Commission indicates the best way to avoid being a victim of a fraudulent scam is by doing your homework.

Do Your Research

Research and planning can help minimize your chances of falling for a charity scam.

1. Search an organization’s name along with the keyword ‘complaint’ or ‘scam.’

2. Review the results for signs of red flags.

3. Look up consumer reviews from those who’ve given to the charity in the past. Use to look up their state’s charity official’s opinion, or use trusted tools, such as the BBB Wise Giving Alliance or the GuideStar Charity Check. If you don’t come across anything immediately suspicious, visit the website and review the information there.

4. Search for specific information about how the organization uses people’s donations. How much of the money goes to the cause? How do they accept contributions?

Assess Payment Options

A charity should never ask you to pay using a bank account. Do not submit any payment to a charity that is asking for money in the form of cash or gift card. The safest form of payment is a credit card. Additionally, before clicking on a link to donate online, make sure you know who is receiving your donation.

It’s also good to keep a record or receipts of any donations. Review your banking statements to make sure you’re only charged the amount you agreed to donate. And, check whether the person included in the signature line has any identifiable credentials.

Know Scammer Tricks

The FTC notes that scammers have tell-tale tricks that can raise red flags. A few are:

  • Changing caller ID to make it look like they are calling from a local area code.
  • Using names that sound similar to the names of real charities. 
  • Guaranteeing sweepstakes winnings in exchange for donations.
  • Claiming your donation is tax-deductible when it is not.

Additionally, if you feel any sense of guilt or urgency in a charity language, avoid making a donation. That doesn’t mean you shouldn’t give to groups you’re sure aren’t a charity scam. Seek ones you’d like to support instead of waiting for them to come to you.

A Happy and Safe Giving Season

The holidays are a perfect time for users to spread some cheer and donate to a cause that they support. By following these tips, you won’t just prevent the charity scam from stealing their personal or financial information. They will also make sure their donations end up in the hands of those who need it.

More from Fraud Protection

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

New Fakext malware targets Latin American banks

6 min read - This article was made possible thanks to contributions from Itzhak Chimino, Michael Gal and Liran Tiebloom. Browser extensions have become integral to our online experience. From productivity tools to entertainment add-ons, these small software modules offer customized features to suit individual preferences. Unfortunately, extensions can prove useful to malicious actors as well. Capitalizing on the favorable characteristics of an add-on, an attacker can leverage attributes like persistence, seamless installation, elevated privileges and unencrypted data exposure to distribute and operate banking…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today