Email scams targeting nonprofit organizations are on the rise across the US and beyond. Many of them have been around for awhile—they’ve simply targeted individuals and not organizations.
Here are three new nonprofit scams circulating that you and your organization should be aware of.
DMCA Takedown Notices
Think about the stock photos, graphics, and logos you’ve got posted on your website or social media channels right now. Are you confident you’re legally able to use all of them? Can you be sure you’re not breaking any copyright laws?
Most small nonprofits are a little fuzzy on the answer to this question—and that’s exactly why this scam is so successful.
The Digital Millennium Copyright Act (DMCA) of 1998 was created to protect copyright holders from the illegal reproduction or distribution of their work. If you’ve violated this act, you’ll receive what’s called a Takedown Notice.
In legitimate takedown notices, the location of the content will be noted—usually linked to. But in a scam notice, you’ll be asked to either follow a link to download the offending content, or the email will have an attachment for you to open, instead.
In both of these cases, you’ll wind up downloading a malicious piece of software that can throw your systems into chaos.
Run suspicious emails past your IT specialists. They’ll be able to further inspect any links or attachments included.
If you’re concerned about ignoring a potentially legitimate DMCA Takedown Notice, don’t hesitate to reach out for more information at DMCA.com.
Phishing and “Spear Phishing” Attempts
Phishing emails are requests that “fish” for information. They’re looking for passwords or private financial information, for example.
The new phishing kid on the block is called “Spear Phishing,” and these scams are generally characterized by more personal details. These emails might look like they come from the bank you already use or the CEO of your organization.
Scammers in this arena often go to great lengths to spoof email addresses and even create fake websites that strongly resemble official ones.
Always double- and triple-check all email addresses and URLs, and remember that you’ll almost never be asked for this kind of information via email.
Transfer (or “bad check”) scams have been popular for a long time and often target freelancers, small business owners, or job hunters. Recently, they’ve begun targeting nonprofits, as well, in the form of our most precious resource: donors.
Here’s an example: you get a large online donation from a new donor. Then you get the email—the donor’s made a mistake. The amount they donated was too high, and can you please refund a portion of it back to them?
Doing this through your CRM might be as simple and harmless as clicking a button. But this new donor’s going to do one very specific thing: they’re going to ask that you refund the overage to a different card or bank account than the one they just used.
But their original payment will wind up invalid. You will get none of the donated money, and you will also have lost the “refund” you sent to this donor out of your own accounts.
To be safe, only ever refund donations back to the same method of payment.
Trust Your Instinct When it Comes to Nonprofit Scams
Email scams often have tells upon close inspection. These can be misspelled names, characteristically poor grammar, or vague details.
Protecting yourself and your organization from nonprofit scams is sometimes as simple as listening to your instinct—if something seems weird, it probably is.
Don’t hesitate to check URLs and the spelling of email addresses…
And if you can ask someone about it, don’t hesitate to do so!