Nonprofit phishing scam alert in the US
Howard Lake | 22 March 2005 | News
Internet fundraising consultant Rick Christ reports what might be the first example of a ‘phishing’ scam against a nonprofit.
Rick Christ of NPAdvisors reports that an investigation is underway into the activities of a website at uniteways.org which reportedly solicited funds for a week, but which is not owned or operated by the genuine US nonprofit United Way.
The uniteways.org site is no longer operating after United Way noticed it and reported it to the authorities.
Advertisement
It is not clear if the site engaged in ‘phishing’, the fraudulent attempt to persuade website visitors to part with their personal or financial data, most usually passwords to online banking or payment services. If there was illegal activity it is more likely to have been a straight deception by inviting online ‘donations’ which were made to the fraudster’s account.
Nevertheless, the nonprofit sector remains a realistic target for phishing scams. Individual charities might not be likely targets, but the larger infrastructure bodies which handle donors’ accounts or giving services could theoretically be targeted.
Rick Christ mentions another website at unitedways.org which is also not operated by the nonprofit but is owned by a Miami-based company. Although it is not a phishing site, and is presumably operated legally, it is attempting to generate income by selling search adverts under that address.
What can charities do to prevent such scams? Rick Christ recommends prompt, open action: “many nonprofits would be tempted to hide such news, either out of shame or the misplaced fear that frightened donors would stop giving online to the real nonprofit as well. But denial of a crime helps only the criminals. Donors need confidence in the online financial system, and prompt prosecution of scam artists builds confidence.”
In addition to vigilance, Mr Christ encourages organisations to “register the domains that might easily be confused with yours.” For example, “buy the ones that are so close to yours a typical donor might be confused.” UK Fundraising’s Howard Lake has advised this approach to clients for some time. One useful technique is to get colleagues to type your organisation’s website address 20 times, see what the most common typos are, and consider registering those domains too.
About Howard Lake
Howard Lake is consultant editor of UK Fundraising. He founded the site in 1994 and successfully sold it in 2022. As director of Giving X Ltd he is exploring growing giving on a massive scale.
He is the founder of Fundraising Camp and co-founder of GoodJobs.