It is human nature to help our neighbors when disaster strikes. Our reflex is to open our wallets and help those in need.
Scams often spike when major natural disasters and catastrophes occur. The bad guys watch the same news we do, and customize campaigns designed to take advantage of our sympathetic natures. They’ve also figured out that causing our friends to click “Like” on a scam will also make us more inclined to donate to them as well.
How do I tell a real charity request from a fake?
Rest assured that you can stay safe from these disaster-related social engineering attempts by using the same practices that we’ve been giving you all along. Some are even specific to charitable efforts. Follow the tips below to keep cyber-safe while also ensuring your money goes where you want it to go:
· Check with a friend. If a charity has been “liked” on a social media site by a friend, contact the friend to understand more about the organization. A quick conversation with a friend provides more details than a “like.”
· Search by name. The Federal Trade Commission suggests searching the name of the recipient/organizer along with the words ”complaint,” “review,” “rating,” or “scam” to see if there have been any related complaints.
· Go to the source. You’ve done your research, and you’re still unsure. Message the campaign organizer (through the crowdfunding app) with any concerns. If your questions aren’t answered to your satisfaction, take your donation elsewhere.
· Is it legit? Fake “pop-up” charities are easily created on the Internet, so be skeptical. A genuine disaster aid organization won’t ask for your personal information (e.g., Social Security number, bank account info) in an email or phone call. Use the IRS’s Tax Exempt Organization Search or the Better Business Bureau’s Wise Giving Alliance to check whether the charity is real. Or proactively use these sites to search out a charity yourself!
· Look out for web imposters. Fraudulent sites often begin to appear within hours of the onset of a disaster., Red flags include subtle variations of spelling in web and sender addresses (e.g., Uniicef.org, RedCrosss.org).
· Report it! Make life harder for these fraudulent actors. If you receive a phishing email or suspicious phone call at work, report it to your IT department immediately. And if you receive one at home, contact the FTC.
If you have any additional questions about disaster-related phishing or other social engineering scams, contact your local IT staff, Circuit IT Security Officer, or ITSO for more information.
Below is a Facebook page of a well-known television weatherman in Tampa, Florida. He cautions his followers that in the wake of Hurricane Dorian, fraudsters are posing as him and attempting to collect donations by messaging followers through the Facebook app. Note that the blue “verified” badge and the weatherman’s last name is missing—another clue that this is an imposter account.
IRS: IRS Warns of Scams Related to Natural Disasters
FTC: How to Donate Wisely and Avoid Charity Scams
How to avoid GoFundMe scams on #GivingTuesday
How to Determine if it is Safe to Donate to a Campaign
IRS: Tax Exempt Organization Search
BBB: Wise Giving Alliance
Fraud Magazine: Natural catastrophe and disaster fraud
Poster: Skeptical? You Should Be.
Brochure: Best Practices for Recognizing and Avoiding Phishing Attacks
TC: Complaints
Scams often spike when major natural disasters and catastrophes occur. The bad guys watch the same news we do, and customize campaigns designed to take advantage of our sympathetic natures. They’ve also figured out that causing our friends to click “Like” on a scam will also make us more inclined to donate to them as well.
How do I tell a real charity request from a fake?
Rest assured that you can stay safe from these disaster-related social engineering attempts by using the same practices that we’ve been giving you all along. Some are even specific to charitable efforts. Follow the tips below to keep cyber-safe while also ensuring your money goes where you want it to go:
· Check with a friend. If a charity has been “liked” on a social media site by a friend, contact the friend to understand more about the organization. A quick conversation with a friend provides more details than a “like.”
· Search by name. The Federal Trade Commission suggests searching the name of the recipient/organizer along with the words ”complaint,” “review,” “rating,” or “scam” to see if there have been any related complaints.
· Go to the source. You’ve done your research, and you’re still unsure. Message the campaign organizer (through the crowdfunding app) with any concerns. If your questions aren’t answered to your satisfaction, take your donation elsewhere.
· Is it legit? Fake “pop-up” charities are easily created on the Internet, so be skeptical. A genuine disaster aid organization won’t ask for your personal information (e.g., Social Security number, bank account info) in an email or phone call. Use the IRS’s Tax Exempt Organization Search or the Better Business Bureau’s Wise Giving Alliance to check whether the charity is real. Or proactively use these sites to search out a charity yourself!
· Look out for web imposters. Fraudulent sites often begin to appear within hours of the onset of a disaster., Red flags include subtle variations of spelling in web and sender addresses (e.g., Uniicef.org, RedCrosss.org).
· Report it! Make life harder for these fraudulent actors. If you receive a phishing email or suspicious phone call at work, report it to your IT department immediately. And if you receive one at home, contact the FTC.
If you have any additional questions about disaster-related phishing or other social engineering scams, contact your local IT staff, Circuit IT Security Officer, or ITSO for more information.
Below is a Facebook page of a well-known television weatherman in Tampa, Florida. He cautions his followers that in the wake of Hurricane Dorian, fraudsters are posing as him and attempting to collect donations by messaging followers through the Facebook app. Note that the blue “verified” badge and the weatherman’s last name is missing—another clue that this is an imposter account.
IRS: IRS Warns of Scams Related to Natural Disasters
FTC: How to Donate Wisely and Avoid Charity Scams
How to avoid GoFundMe scams on #GivingTuesday
How to Determine if it is Safe to Donate to a Campaign
IRS: Tax Exempt Organization Search
BBB: Wise Giving Alliance
Fraud Magazine: Natural catastrophe and disaster fraud
Poster: Skeptical? You Should Be.
Brochure: Best Practices for Recognizing and Avoiding Phishing Attacks
TC: Complaints