Charitable giving has always held a special place in my heart. Growing up in a very small community, I always saw others in need. The church I grew up in had a huge food pantry that provided bi-monthly food to hundreds of families. Heck, I was a youth pastor for over ten years; helping and supporting those in need or those most deserving has always been core to who I am. It was simpler times. Many charities were local, and I even knew those running the operations. Things weren’t as complicated. (This is starting to sound like the start of a Christmas fable…)
But today the world has changed. Many organizations have more selfish focuses. Many organizations invest so much in running their organization that little is left for those in need. And, scarily, many scammers and fraudsters operate in this space, taking funds from those just trying to help and, in turn, leaving those without in even further despair.
This year, focus more time on protecting your donations and ensuring that those with the needs and missions you align with truly receive your funds. Don’t let your Giving Tuesday turn into weeks of chaos because of a mis-clicked link or a fake facade of a website.
Here is a list of actions you should take to protect yourself, your supported charities, and your donations.
The New Face of Charity Fraud: Professional, Polished, and Powered by AI
Thanks to new technology, especially AI-powered marketing, it is increasingly hard to recognize technology-based fraudulent operations. Here are a few warning signs:
Perfectly Cloned Charity Websites Many malicious actors will scrape real charity websites, imitating every last aspect of their site; in many cases, they use slight misspellings of the domain name, such as www.donate.com instead of www.donate.org. When a donor lands on the fake website, it appears real, so they continue with their donation.
Protection: Please double-check the domain name (closely) for every website visited.
Fake Crowdfunding Sites / Fake Donation Requests
Online platforms create a sense of urgency that suppresses donor skepticism by focusing on needs that the donors are most sympathetic towards. While you may know the family two streets over who had a house fire three weeks ago, are you sure the crowdfunding site listing is legitimate? There are modern AI systems that scan news sites for tragic events and auto-generate listings, preying on people’s emotions for local families.
Protection: Confirm with the families or somebody close to the families the legitimacy of the listing. Alternatively, look for local charities that may be assisting the family or organization.
Pop-Up Charities Many fake charities pop up out of nowhere, self-promoting and leveraging non-traditional tactics to recruit donations. Then, days or even hours later, they disappear with thousands of dollars of donations that the donors believed were well-intentioned.
Protection: Confirm the charities' validity. Even $5 to a non-charity is enough to continue to fund them to operate. Don’t be shy to ask for proof or evidence - and confirm it. Or even take the information to donate the next day after you have researched. Their need will still be there tomorrow.
Cybersecurity Risks Most Overlook or Don’t Realize
Most donors think of charity as a moral decision, not a security-focused concern. Every donation introduces cybersecurity risks:
Identity Theft Through “Donation Portals”
Fake donation pages collect large amounts of personal data, including name, address, payment information, and (yes) even social security numbers. All of this information can be used later for direct payment withdrawals, submitting fake tax returns, or even just for basic phishing attacks.
Protection: Double-check the donor's validation. The IRS provides a tool to confirm tax-exempt status. Be careful here, as not all churches are required to list, so churches may need to be vetted individually.
Compromised Credit Cards or Bank Accounts Cybercriminals often use micro-donations to test stolen cards. These pop up in mobile games, via SMS phishing attacks, and even in QR codes. A large retailer actually permitted a fraudulent charity to place a QR code placard on their checkout desk at dozens of stores. If somebody sees a $1 or $5 charity charge they don’t recognize, it may be fraud, and identity protection actions should be taken immediately.
Protection: Avoid micro donations everywhere. Most of the time, the processing fees consume most of the donated amount. It is far better and safer to locate the actual charities’ sources.
Malware Hidden in Receipts and Thank-You Emails (Phishing) Attachments or links posing as charitable receipts can drop malware, keyloggers, or ransomware onto personal or business devices. These e-mails are opened at a higher rate because they imply the provision of a receipt for a financial transaction.
Phishing attacks nearly triple on days set aside for charities.
Protection: Only open receipts from charities you have knowingly donated to. Treat the e-mails you receive from charities the same as any other potential spam or phishing e-mail.
At-Risk Computers Create a Web of Complexities As with all Internet activity, ensure that you have your computer and (yes) phone protected using an enterprise-level security suite for anti-virus, anti-phishing, anti-malware, and more.
There have been proactive fraudulent sites that even add comments like, “Please disable your anti-virus protection as it can cause purchases to decline.” Yes, they are that direct.
Protection: Don’t let the urgency of the day tug at your emotional strings and convince you to lower your guard.
Added Emotional Pressure or Direct Financial Pushes
Attackers exploit emotion, and charitable giving is often driven by emotion.
Disaster-Related Urgency “Donate NOW to help wildfire victims!” or “Susan is in dire need of a liver transplant.”
Social Pressure “All members of your professional association are giving…”
Guilt/Fear “Children will go hungry if you don’t act today.”
Protection: Urgency does not equal legitimacy. Double-check the sources and confirm the real causes and current collection campaigns.
Brad’s Personal Thoughts
Helping those in need and working with them are the personal and faith-based principles I was raised to uphold. It’s personal. Here are a few things Brad does to personally align better with the charities he supports:
Checks Yes, you read that correctly. Brad is suggesting paper. However, there are no fees with checks; you can request a copy from your bank, and you don’t have to worry about phishing or fraudulent e-mails.
Give Time, Not Just Money Many charities also struggle with support through time and energy, not just resources. Donating time (year-round) is a great way to stay connected with your charities and provide them with much-needed support. Go and help pack those boxes, carry supplies, dig holes, and rebuild.
Not only does this really help them with the physical needs, but it also connects you more closely with their mission.
Share Share. Share a lot. We are all super quick to market businesses we own or support, but tend to only share charitable opportunities on a minimal basis. Add a regular post or timeslot to a video to promote an organization's needs.
Final Message
In today’s environment, generosity needs a guard. By embedding cybersecurity awareness into your charitable giving, you are not just protecting yourself, but also those charities to which you donate.
Thanks for reading! This post is part of a Giving Tuesday collaboration with other great tax experts writing on Substack. Please check out their publications if you haven’t already:
Financial Guardians is a proud member of InCite, the recently launched online community exclusively for tax professionals, bookkeepers, and accountants. InCite members receive a 30% discount.
Financial Guardians has partnered with the California Society of Tax Consultants to provide a 30% access discount as well as many other offers. More info can be found at www.cstcsociety.org
Thanks for this timely information!