Sept/Oct 2005

Protecting Your Donors: How Nonprofits Can Protect Donors From Online Fraud Scams

by Dr. David Crooke, Founder and CTO, Convio

A disaster like Hurricane Katrina quickly brings out the generosity of the American public, and increasingly, people are exercising that generosity online. In the days following this tragedy, hundreds of millions of dollars poured in through relief charity Web sites. Unfortunately, an event like this also attracts the lowest elements of society, trying to profit from the tragic circumstances.

Fraudsters are phishing — don't let donors get caught in their net

In the wake of Katrina — as was the case after the 9/11 terrorist attacks and the December 2004 tsunami in Southeast Asia — phishing scams popped up purporting to ask for online donations to well-known relief agencies.

The word "phishing" (sic) refers to online fraud schemes designed to capture victims' financial information. This type of scam starts with an unsolicited email urging people to come to a site, typically online banking or ostensibly a service like PayPal, and "update" their login information. The email directs victims to a site mocked up to look like the real one, and the fraudsters ask for a credit card number or login information.

Protecting your organization's donors

The democratization of the Internet also is its greatest weakness: Anyone can put up a site about anything, including a site claiming to be raising funds for a charity. Nonprofits, and really any organization, are limited in how much they can control what other people — particularly those who are unscrupulous — do online, but there are some steps that can help:

  • First and foremost, educate donors to be cautious: Follow the example of organizations such as PayPal and CitiBank, which have been combating phishing activity for a long time:
    1. Tell constituents not to respond to suspicious-looking email. Get them used to a standard format, sender address, style and timing for your official emails, so fake ones stand out more.
    2. Consider including "shared secrets" such as each recipient's first name and membership number in every email; phishers will not have this data.
    3. Promote the URL of your official site, so donors know where to go to be sure the site is really yours. Let them know who your official service providers are for email and donation processing (for example, American Red Cross lists such providers on its Web site).
  • Consult with your email marketing provider and publish Sender Policy Framework (aka "Sender ID") information for your email "From" addresses. This will help ISPs identify forged email purporting to be from your organization.
  • If you discover a fraud site, try to have it blocked immediately by contacting the department that handles abuses at the ISP whose network hosts it. Since abuse department email inboxes often are overloaded with spam complaints and poorly manned, follow up with phone calls and faxes to speak directly with a person. If the site is in the United States, you also should file a report with the FBI at http://www.ic3.gov/.
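
As an added illustration of the Sender Policy Framework step above (not part of the original article and not Convio's code), the following Python example audits a published SPF TXT record for settings that would let forged "From" addresses go undetected. The domain names and records are constructed samples, and `audit_spf` is a hypothetical helper name.

```python
# Added example: audit one SPF TXT record. Sample records are constructed.
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists")  # each costs a DNS lookup

def audit_spf(record):
    """Return a list of weaknesses found in one SPF TXT record string."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record: must begin with v=spf1"]
    findings, lookups, has_all, has_redirect = [], 0, False, False
    for term in terms[1:]:
        t = term.lower()
        if t.startswith("redirect="):          # modifier, also a DNS lookup
            lookups, has_redirect = lookups + 1, True
            continue
        qualifier = t[0] if t[0] in "+-~?" else "+"   # "+" (pass) is the default
        name = t.lstrip("+-~?").split(":")[0].split("/")[0]
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "ptr":
            findings.append("ptr mechanism is discouraged")
        if name == "all":
            has_all = True
            if qualifier == "+":
                findings.append("+all authorizes every sender")
            elif qualifier == "?":
                findings.append("?all is neutral: forged mail is not flagged")
            elif qualifier == "~":
                findings.append("~all is softfail: forged mail is marked, not failed")
    if not has_all and not has_redirect:
        findings.append("no 'all' term: unlisted senders get a neutral result")
    if lookups > 10:   # limit from RFC 7208; lookups inside includes count too
        findings.append(f"{lookups} DNS lookups in this record exceed the limit of 10")
    return findings

# Constructed records for a hypothetical charity and its email provider.
SAMPLES = {
    "strict": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailprovider.example -all",
    "open": "v=spf1 include:_spf.mailprovider.example +all",
    "soft": "v=spf1 mx ptr ~all",
}

if __name__ == "__main__":
    for label, rec in SAMPLES.items():
        print(label, audit_spf(rec) or ["no weaknesses found"])
```

The check covers only the record it is given; lookups made by included records also count toward the limit of 10 and must be tallied separately.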

Although it's virtually impossible to prevent fraudsters from attempting to prey on people who want to help after a disaster strikes, nonprofits can alert donors about what's probably legitimate and what's not in the online world. Nonprofits also should immediately report any Internet activity they suspect is fraudulent so authorities can move swiftly to shut down these operations and prosecute the perpetrators.


Dr. David Crooke is Chief Technology Officer for Convio, Inc. In the three weeks immediately following Hurricane Katrina, nonprofits using Convio's Internet tools collectively raised more than $110 million online for related disaster relief efforts. These organizations include the American Red Cross, American Society for the Prevention of Cruelty to Animals, Easter Seals, Farm Aid, Feed the Children, Houston Area Women's Center, Mobile Loaves and Fishes, Navy-Marine Corps Relief Society, Paralyzed Veterans of America, Texas SPCA and UJA Federation of New York. For more information, please visit www.convio.com
