The holiday season is upon us, which means fraudsters are on alert and looking to take advantage of the goodwill of the unsuspecting. According to the National Center for Charitable Statistics, between 25 and 43 percent of annual giving is done between Thanksgiving and New Year’s. As such, fraudsters engaging in charity fraud often create fake charities to solicit donations or fool victims into thinking that they are donating to an existing charity.

The 2015 holiday season is particularly promising for fraudsters due to the recent Paris terror attacks and the resulting focus on the Syrian refugee humanitarian crisis. The general holiday giving surge combined with the Paris and refugee crises provides a plentiful pool of target victims.

The Holiday Season Breeds Fraud

There has been much written about fraudulent schemes targeting charitable giving over the years, particularly around the holiday season. does a good job highlighting various charity scams, and the Federal Trade Commission (FTC) provides information on what you can do to protect yourself.

There will always be a segment of the population that is quite vulnerable to these schemes due to extreme gullibility or ignorance. Enhancing the credibility of the schemes enables the social engineer (fraudster) to sustain or increase hit rate, possibly victimizing individuals who would otherwise know better.

Social engineering schemes like phishing (emails), vishing (voice mail or direct calls) and smishing (texting) have become a part of our everyday life. It is relatively easy to spot a bogus email or a text or call from an unknown number. But what if the email appears to come from a charity that you donated money to last year? Or the telephone call you receive appears to be coming from the local charity that you support through social media sites? How much more likely would you be to answer the call or respond to that email?

The vast amount of information that can be culled about many of us online is daunting. I would venture to guess that most people not associated with the fraud or cybersecurity industry don’t appreciate how vulnerable they are to an attack designed specifically for them or for people of a particular affinity group of which they are a part.

Charity Fraud and Crisis Scams

Natural disasters and other events that capture the world’s attention have long been a favorite opportunity for charity fraud social engineering scams. These scams prey on the average person’s sympathies for those affected by such events. The charities behind telephone calls and emails soliciting donations to help those affected may be purely fictitious, or they may be legitimate charities that give only a small percentage of what is collected to the people it is intended for.

Paris was struck by its worst terror attack ever on Nov. 13, 2015. There will undoubtedly be fraud schemes established to solicit “donations” to the victims that were injured and the families of those killed in the attacks. French citizens will likely be the No. 1 target; however, individuals across Western Europe and North America will be targeted, as well.

Although the Syrian refugee crisis has been ongoing for many months, the Paris attacks have caused a renewed focus on it from political leaders and citizens of Europe and the U.S. This renewed focus may have a negative effect on the refugee population, which will create opportunities for fraudsters.

Previous Donors and Supporters Are More Vulnerable

On any day there are millions of phishing emails sent to individuals all over the world. But what tools and resources are available to bad actors to customize social engineering schemes to those that may have donated to or otherwise supported specific organizations or causes?

Spear phishing uses information known about a target victim to customize a credible attack. How can fraudsters use available information to create a customized attack?

Data Available for Purchase

There are many data brokers that aggregate information about consumers and package that information for sale to marketers, small businesses and salespeople to help them identify potential leads for their products and services. The more sinister view of these services is that they can potentially be used by bad actors to collect information about victims.

Upwards of 40 attributes pertaining to individuals may be obtained through these services, including name, physical and email addresses, telephone number, length of residency and credit card data.

For the purposes of charity fraud and other affinity fraud schemes that will allow customization, important attributes include:

  • Age: Older people tend to give more, and the elderly may be manipulated more easily.
  • Ethnicity: Attackers easily identify those of a specific ethnic origin (e.g., French and Syrian).
  • Ailments: Health information can be used to target individuals willing to donate to a cause with which they can empathize.
  • Contributor by cause/Donor by cause: Criminals identify people that have donated to a specific cause or charity in the past.

Social Media Sources

Social media sites can be leveraged to identify potential targets or collect data used as part of building the profile of a target for a customized spear phishing attack. A quick search on Facebook for “Syrian Refugees” produces dozens of Facebook groups dedicated to helping the refugees. The groups, as a whole, include the names of thousands of members. This population could become targets of a spear phishing campaign.

Although the information available from the profile pages of individuals in these communities may be limited, other open-source information sites can be used to identify targets and gather data such as physical address, phone number, email address, family member information and even neighbors. The people identified within these groups could also be cross-referenced against data broker lists.

About the Scheme

Potential victims can be approached using a number of techniques, and in all likelihood, multiple techniques may be used. By adding layers of contact points, more advanced fraudsters can increase the appearance of credibility. Email scripts will be well-written and may provide a choice for the recipient to either click a link to a website or contact the charity at a provided phone number. Additionally, where phone numbers can be identified, a targeted vishing or spear vishing campaign could be designed to collect donations over the phone.

Don’t Trust the Caller ID

Many people implicitly trust their caller ID. They may see a number they recognize and/or a name associated with it and feel secure that the person on the other end is who the caller ID says it is. That’s probably OK if it’s your mother calling you. However, if it’s an organization with which the person receiving the call has an affinity, that person may be more easily duped into providing information or making a donation.

Fraudsters engaging in a targeted vishing attack may use call spoofing services to disguise their true origin and make it appear as if they are calling from the telephone number of the legitimate charity organization. The fraudster may even count on the victim to recognize the phone number and name of the charity. In this situation, the spoofed telephone number provides an enhanced air of credibility.

Call spoofing services are perfectly legal but not meant to be used for criminal purposes. Those using one of these services need only input the number to which they are calling and the number that they want to appear on the recipient’s caller ID. Additionally, some of these services have soundboard options that allow the user to add background noise — such as that of a call center, for example.

Consumers Must Always Be Guarded

It’s no surprise that the more information put online, the more vulnerable we become. Who would think that supporting a worthy cause by becoming a member of a private or closed group on a social network could potentially open you up for a phishing or vishing scheme?

Everyone’s expectation of privacy should be extremely low. As our lives, interactions and transactions increasingly move to the digital space, we must be aware and on guard for any solicitation of information or money, particularly when the need is urgent, as in the case of a natural disaster or terrorist attack. Remaining aware of the risk of fraud is of paramount importance.

Fraudsters don’t need to use sophisticated techniques to steal money. Preying on emotions, sympathies and trustworthiness is simple, inexpensive and lucrative.
