Disaster Charity Scams on IRS 2019 “DIRTY DOZEN”

Floods, tornadoes, wildfires. Disasters are in the news every week, impacting many lives. Charities that serve disaster victims, like the American Red Cross, help with food, shelter and other emergency needs. Legitimate charities use donations to fund those emergency services when they are needed.

Unfortunately, fraudulent charities are out there after every disaster event scamming generous donors. They solicit donations that will never be used to serve anyone other than the fraudsters. The IRS is very interested in stopping fraudulent charities. So interested, charity scams have been on its “DIRTY DOZEN” tax scam list every year for a long time.

Follow these four tips to make sure that the charity asking for your donation is legitimate:

  • Verify, Then Trust – Be wary of charities with names that are similar to a familiar or nationally-known organization. Some phony charities use names or websites that sound or look like a respected, legitimate organization. IRS.gov has a search feature, Tax Exempt Organization Search that allows donors to find legitimate charities. Check it before you give.
  • Watch for Bogus Solicitations – A long-standing scam that occurs after major disasters is to impersonate charities to get money or private information from well-intentioned donor/taxpayers. Scam artists use a variety of tactics, such as contacting people by e-mail or phone solicitations, or even going door-to-door. Treat e-mail solicitations with extra care because they could contain malware, on top of taking your money.

  • Keep Information Confidential – Scam artists may ask for you to provide your Social Security number or passwords that can be used to steal your identity and money. It’s quite common to make legitimate donations using credit cards, but it’s essential to make sure you know who you are speaking with before giving out your information. Did they call you? Confirm the organization and call them back, or make the donation online.
  • No Cash – Ever – For security and tax record purposes, contribute by check or credit card. Those methods provide documentation of the donation. They could also provide some recourse if you have questions or concerns later. Besides, who carries cash anymore? Charities are supposed to provide a contemporaneous acknowledgement after each donation. Keep a record of all donations just in case.

Fraudsters can use disasters as a cover to steal donations intended for legitimate charities that help disaster victims. Following these four tips can prevent your donation from going to a phony charity or avoid giving confidential financial information to an identify thief.

Preventing Fraud

It’s been over six months since I last blogged about fraud risk in small businesses and nonprofits. Tax season and the new tax law must have distracted me. But fraud has not stopped lurking, robbing organizations of their hard-earned funds.

In case you forgot, fraud is an illegal act involving deceit, concealment, or a violation of trust. Fraud doesn’t involve physical threats of violence or force. Fraud is committed to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage.

Fraud is not unique to any one type of organization. The opportunity to commit fraud exists everywhere, including public and private businesses and nonprofits. Small businesses and nonprofits are even more susceptible to fraud because of typically lower levels of staffing and technology. Plus, the environment at nonprofits and small businesses espouses trust that could be exploited by people who are unscrupulous or experiencing extreme financial pressures.

First — recognize that fraud can happen. Second — implement an action plan to help prevent fraud from happening. How? Minimize the chances that fraud will happen at your organization with these three tips:

  • Separate Tasks – The most powerful weapon against fraud is separating tasks or duties that should not be performed by the same person, like separating expense approval and payment from the person who reconciles the bank account. Separating duties prevents one person from having too much control over financial activities so that she or he could take funds without detection.
  • Investigate Anomalies – Identify anomalies, or exceptions, from expected conditions or results. Is your cash flow within a normal expected range? Are your sales returns higher than usual? Investigate performance and results that fall outside the expected range and take action. Looking into unusual activity could draw attention to and end fraudulent activities. Even if no fraud has occurred, you can take corrective action as needed.
  • Independent Monitoring – Periodic independent monitoring by a knowledgeable party is another way to safeguard financial assets. Methods include supervisor reviews, periodic audits and effective governance. Exception reports or anomalies should ideally be investigated by someone who is independent of the original activity. Nonprofits with limited staff can involve the Board Treasurer in the monitoring process.

Important steps for preventing fraud are to recognize that fraud can happen and to implement an action plan to mitigate the risk of loss. Powerful weapons like separating tasks, investigating anomalies and independent monitoring all reduce the risk of losing money, property, services or reputation. Trust is great; implementing fraud prevention tips is priceless.

Award or Cyber Threat?

I don’t generally believe in coincidences, but one sure happened to me last week. On the very same day that I was talking to a colleague about how obvious phishing e-mails can be, I received a cleverly-disguised phishing message that was very tempting…at first.

Many scam e-mails come from someone you know who has been hacked. A message is sent to everyone in that person’s contacts. It contains a link and urges recipients to click on it to see something amazing. Clicking on that link infects your computer with malware or ransomware.

Another version is phishing for your banking and other financial information by masquerading as a bank that has an incoming wire transfer for your account. All you need to do is approve the transfer by clicking on a link that similarly infects or compromises your computer and your data.

My tempting phishing message was cleverly planned just for me (aren’t I special?). It did not come through my regular e-mail; it was sent as a Request for Service on my business website. The title was “Nominated for Best Business Award” and said I had been nominated for Best Consulting Business in Arlington, Virginia, where my business is located. All I needed to do was to click on the link. The message even contained a password I was to use to access the link.

How cool is it to be nominated for an award? Who could resist learning more? I knew of the Arlington Best Business Awards, sponsored by the Arlington Chamber of Commerce, and Arlington’s Best Business Awards, sponsored by Arlington Magazine. I was super excited to be nominated!

But not too excited to stop and make a few observations. For example, the message came from a third party that I did not recognize. The award category was not familiar, based on my attendance at award recognition events in the last few years. Then, I vaguely remembered that the 2018 Chamber and Arlington Magazine awards were already celebrated earlier in the year.

It was a scam! After a little detective work on the internet, I was sure that I was not nominated for an award and that I was targeted for a cyber threat. I searched the name on the e-mail extension and found that it led to a website that my computer’s security wouldn’t let me access because the site was infected. I looked at Arlington Magazine’s and Arlington Chamber’s websites and found that not only had the 2018 awards been bestowed, there was no category for Best Consulting Business.

I felt very lucky that I resisted temptation to click on that link, even if it meant that I was not nominated for an award. At work or at home, your confidential information is at risk. Spending money and time on computer security protection won’t do any good if you or someone who works with you clicks on a cyber threat disguised as an award, a funds transfer, or something amazing to see.