Online Donations: Avoiding Charity and Crowdfunding Scams
When disaster strikes, the human spirit doesn’t falter. Millions of people generously pledge money online, as friends and colleagues pool their resources to contribute to a cause. Thanks to the possibilities allowed by the Internet, activities like crowdfunding and other relief-driven projects are given a better platform to raise awareness and reach a worldwide audience. Online social networking platforms especially, have played an important role in building support for certain causes. For example, the Ice Bucket Challenge campaign that promoted awareness of the disease ALS (amyotrophic lateral sclerosis, also known as Lou Gehrig’s Disease) encouraged massive donations to research as it went viral on social media. During the weeks of the challenge’s popularity, it was reported that the ALS’s Association received $41.8 million.
While such humanitarian efforts are good for the intended beneficiaries, the potential for good cannot negate the instances of abuse that do occasionally occur. As seen in many previous incidents, many scammers take advantage of philanthropic acts done online and use social engineering lures to trick people into donating their money to perpetrators. Here are some notable online donation scams in the past that have victimized unknowing donors:
- Nepal Earthquake (2015) - when the catastrophic 7.8 magnitude earthquake hit Nepal in April 25, people from all over the world sent donations and volunteered to help the victims. In the following days after the disaster, scam emails started to spread. The email message asked recipients to send their donations to a certain account that belonged to the scammer. The letter included phrases like “Help Nepal” and “Nepal earthquake” to trick users into believing that that the message was legitimate.
- Ebola Virus (2014) - when news of the deadly Ebola virus broke out, many organizations and individuals pitched in their donations to support the need for resources. Scammers mimicked websites of relief organizations to fool people into sending their donations.
- Boston Marathon Bombing (2013) - within hours after the Boston bombing happened, people rushed to donate to the victims. At the same time, one fraudster was duping the public by setting up a Twitter account claiming to be associated with the Boston Marathon organization. The scammer’s account promised to donate $1 for every retweet. It wasn’t after it received more than 50,000 retweets that users started to notice it was a fake, and Twitter then shut it down.
- Typhoon Haiyan (2013) - after Typhoon Haiyan wreaked havoc on communities in central Philippines, millions of victims were in need of humanitarian assistance. The response was overwhelming, with more than US$248 million in relief sent by governments, charitable groups, and individuals. Unfortunately, scammers were quick to make a profit out of the calamity. Fake Facebook pages were set up to ask for donations via PayPal. In addition, many spammed emails circulated as well, imploring users to donate via wire or bank transfers.
- Crowdfunding scams - while crowdfunding offers a quick way to raise profit for mutually-beneficial projects, the system can also be exploited by fraudsters. Here are a few crowdfunding scams that built a reputation of idealism—in the name of sheer profit:
- Indiegogo’s Storm e-bike (2015) – Storm Sondors, the creator of the Storm e-bike, built and managed his crowdfunding campaign and was able to raise nearly $5.3 million from more than 12,000 funders. These contributors hoped to receive a low-cost electric bicycle. However, it was reported that Sondors changed the specs of the bike during the campaign and made exaggerated claims about what the cost-friendly e-bike could do. Sondors was eventually sued for contractual fraud.
- Kickstarter’s WeTag (2014) – according to the company WeTag, their team created a new technology consisting of a Bluetooth item locator that required no battery. Funders were ecstatic, and the enthusiasm resulted in a whopping $500,000 in funding within the first few weeks. After funders started asking questions about the development of the technology, the company avoided responses. Eventually, Kickstarter suspended the project and gave back all donated funds.
How to avoid being a victim
While these schemes seem deplorable to us, it's simply business for cybercriminals. As long as there’s an opportunity, scammers will leverage them to steal money from users, and they know that scams are easier to pull off when potential donors are running high on emotions. To avoid being a victim, it’s important to be alert when it comes to donating your money online. Here are some useful tips on how you can protect yourself:
- Verify the organization – before committing to a charity, always double-check the authenticity of the organization by contacting legitimate sources.
- Know how your donations will be used – while it seems rather obvious where your donations should go, it still helps to know the charity’s process and timeline regarding donations. A genuine relief organization should be able to provide all the details of accounts.
- Be wary of social media pleas and campaigns – social networking sites are popular platforms used to gain attention. As such, it is easy for scammers to create bogus accounts to lure users. Always be on the lookout for sketchy details and inconsistencies before donating anything.
- Make sure your donations go through a secure website – online transactions are always at the risk of being intercepted by hackers and identity thieves. One way to ensure that you’re paying on a secure website is by checking the URL. HTTPS means that sensitive information like credit card credentials and user information is encrypted before being sent to the server.
- Handle attachments with caution – avoid opening suspicious attachments or clicking on dubious links. You can tell by looking for grammatical lapses, spelling errors, strange statements, and outrageous titles. They could be malicious files.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases