During the coronavirus crisis, we have seen great examples of humanity helping each other. Around the world, an army of volunteers has stepped up to help the vulnerable and those in need. Unfortunately, we have also witnessed a rise in charity scams, as fraudsters seek to exploit the crisis to carry out cybercrime.
As early as February 2020, the US Federal Trade Commission (FTC) warned that,
“Scammers are taking advantage of fears surrounding the coronavirus. They’re setting up websites to sell bogus products and using fake emails, texts, and social media posts as a ruse to take your money and get your personal information.”
These scams cost you money and divert donations away from real charities and causes.
In this article, we outline the critical coronavirus scams and charity frauds, what to look out for, and how to protect yourself.
How Do Coronavirus Charity Scams Work?
Many of the scams being employed are not new: they are classic cyberattacks with a new coronavirus angle in the way they are presented. Cyberattacks are malicious and deliberate attempts to breach an individual or organization's information system to gain some type of benefit.
Charity frauds tend to fall into two categories:
- Scams which target the public
- Scams which target charity workers themselves
Coronavirus scam examples - targeting the public
- Fake charities or impersonating charities: Scammers pose as a fake charity to solicit fraudulent donations. Often, they pick a name that sounds close to a genuine and well-known charity.
- Person-in-need scams: Scammers pose as an individual affected by coronavirus or perhaps claim to be acting on behalf of a friend or relative — seeking your financial help. The person will claim to be in trouble because of the crisis. For example, by saying they are ill or stranded in another country and will ask you to send them money. Often, they claim urgency and the need for secrecy.
- Testing, vaccine, and treatment scams: Scammers offer fake home test kits and “miracle" cures or vaccines, which do not exist. They may also target Medicare recipients by offering Covid-19 testing in an attempt to steal personal information.
- Checks from the government: Scammers claim to be from the IRS or another government agency and ask for your personal information or try to charge you fake fees for getting your stimulus check or offer you a way to get the money early.
- FDIC and banking: Fraudsters pretend to be from the Federal Deposit Insurance Corporation (FDIC) or your bank and say your bank account or your ability to get cash are in danger and ask for your personal information.
Coronavirus scam examples - targeting charity workers
- Phishing. Fraudsters claim to be from a legitimate organization that can provide information that could assist local charities, such as a list of vulnerable people in the local area who may require support. The victim is invited to click on a link to access the information. This typically leads to a fake website or asks the victim to make a cryptocurrency (such as bitcoin) payment.
- Mandate fraud. For example, a charity employee working from home might receive an email that appears to be from a legitimate company providing services for the charity. The email requests that future payments be made to an alternative bank account controlled by the fraudster.
- Procurement fraud. This might involve the online sale to a charity or public health organization of vital personal protective equipment (PPE), such as face masks and gloves. Once the payment has been made, no products are delivered, or the products do not meet the required standards — the State of New York was a recent victim of PPE fraud.
Coronavirus Donation Scams - 9 Tips to Keep in Mind
Generally, for any coronavirus scam, it is essential to remember that:
- Legitimate charities will be registered — you should cross-check an organization’s credentials on a known database to see if they are genuine.
- Individuals who have been affected by the illness are unlikely to contact you directly for money — especially strangers you don’t know.
- It is difficult to recover money sent via money order, wire transfer, international funds transfer, pre-loaded card, or an electronic currency like Bitcoin. Avoid any arrangement with strangers that asks for upfront payment in this way.
- Generally, organizations asking you to send funds to a foreign bank are highly unlikely to be legitimate. Be extra cautious of requests to send money overseas.
- A fake website may look almost identical to a genuine charity site, changing only the details of where to send donations. It is important to stay vigilant.
- Just because someone knows your name and contact details, does not mean they are genuine. Question every surprise email and request you may get.
- Scammers often use high-pressure tactics, such as stressing the urgency and using highly emotive language. Sometimes this can even be part of a more extensive social engineering attack (social engineering is the psychological manipulation of people into performing actions or divulging confidential information). If someone solicits donations from you, check the facts and don't donate without investigating. This is because legitimate organizations will not apply that same level of pressure, and you should be cautious of anyone claiming that donations need to be immediate to be effective.
- For legitimate charities, according to the Wise Giving Alliance, at least 65% of donations should go directly to the people or cause they are serving. If the proportion is much lower than this, it is questionable to what extent it is a real charity. Finding out how much of your donation goes to the actual cause is one way to assess a charity’s legitimacy.
- Be cautious about fundraising appeals with generic or vague wording, such as “to help people with Covid-19”’. Or that simply contain a cell phone number without additional, more specific information.
How to Protect Yourself from Coronavirus Charity Scams
Tips for people who want to donate
- Search for the charity on a public database where you can check if a charity is legitimate. Those databases include Charity Check, CharityWatch, BBB Wise Giving Alliance, Charity Navigator.
- Check the charity’s website. A legitimate charity website should be easy to find via search engines. Check the URL: most non-profit web addresses end with .org rather than .com. Avoid web addresses that end with a series of numbers. Their EIN (Employer Identification Number) and tax ID number should be clearly shown. Fake websites (especially fake charity websites) often ask for detailed information such as your social security, date of birth, bank account and PIN information. Be very careful as providing this information makes it easy to steal your identity.
- To donate online, type in the charity website address rather than clicking on a link. Approach charity organizations directly to donate or offer support.
- Try to find any media coverage or additional information that can validate a fundraiser’s legitimacy. Review ratings or reviews of the charity in the public domain. Search online for the charity’s name and the words “scam” or “fraud.”
- Never send money or provide personal information, credit card details, or online account details to anyone you do not know or trust.
- Donate using a credit card. It is the safest way to donate. Never donate by giving out gift card numbers or using a wire transfer. If someone asks you to donate that way, assume it is a scam.
- Delete unsolicited emails with attachments. Legitimate emails from real charities typically will not include attachments. Do not open any attachments to these emails since they are likely to be viruses or cause inadvertent downloads of malware onto your computer, making you vulnerable to future hacking attempts.
- Do not click on links in suspicious emails, and never respond to unsolicited messages and calls asking for personal or financial details. Avoiding fake charity links will also help prevent phishing scams.
- Check email addresses are valid. Hover your mouse over the email address to reveal the email address. Check whether it is linked to a real charity or one crafted to deceive people.
- Be careful on social media. Social media is a useful way for charities to communicate with the public and solicit donations. But do not assume that a donation request on Facebook, Twitter, or YouTube is legitimate simply because a friend liked or shared it. Take the time to research the group before donating.
- Give through a reputable and secure service. For example, Charity Navigator’s 'Giving Basket' is a safe and convenient way to give to charitable causes. The Giving Basket only donates to legitimate charities, so you are protected from donating to a fraudulent appeal by mistake.
- Question GoFundMe pleas. There has been an increase in crowdsourcing websites like GoFundMe.com, where people can quickly put up fundraising pleas to cover unexpected medical bills or personal tragedies. However, the platform does not verify individual requests, so there is no way to know if a person's story is real or a scam. Again, we recommend you tread carefully.
- Protect your devices. Always install the latest software and app updates to protect your devices from the latest threats. Buy a comprehensive cybersecurity solution like Kaspersky Security Cloud to get personalized and adaptive online security for all your devices.
Tips for charity workers
- Carry out due diligence if you are making a purchase on behalf of your charity from a company or person you do not know. Discuss with colleagues if you are unsure.
- Be cautious if you are asked to make changes to bank details or make payments to a new account. Wherever possible, follow your charity’s validation procedures and check the authenticity of such messages before making any payments or actioning banking changes.
- Question unsolicited offers of goods or other financial support where an advanced fee payment is required. Do not feel pressured into making a decision that could harm your charity or your beneficiaries.
- Trust your instincts. If something does not feel right, then leave it alone. As the saying goes, if it sounds too good to be true, it probably is.
What to Do If You Have Been Scammed by A Fake Charity
If you think you have provided your account details to a charity scammer, contact your bank or financial institution immediately.
If you or your charity is a victim of fraud or cybercrime, you can also report it to relevant organizations in your country:
- In the US, Charity Navigator has a useful page that explains how to report charity frauds on both a state and federal level.
- In Australia, Scamwatch allows you to report fraud here.
- In Singapore, the Government’s Charity Portal provides guidance on how to raise concerns.
- The UK’s Gov.uk site provides resources for how to report charity scams.
Reporting charity frauds helps to warn others about current scams and allows the relevant agencies to monitor trends and disrupt scams. It is helpful to include details of the scam contact you received, such as an email or screenshot. Consider also using an anti-malware solution to help protect you from threats. For example, Kaspersky’s Internet Security provides advanced protection from ransomware and is available across most operating systems.
While charity frauds and coronavirus scams exist — it is crucial to remain vigilant. However, you should not be deterred from giving to genuinely good causes during a crisis. This is because charities do essential work, helping those in the greatest need. Just make sure you are giving to legitimate organizations and not cybercriminals trying to take advantage of the situation.