Forward this post to your IT, Digital, Development, Donor Services, and any other team that could possibly handle donor transactions between now and the end of the year.
For the next ~10 days your organization will be at its most vulnerable to cyber attacks and fake donation scams.
I cannot stress enough - for the rest of the year if it seems phishy it IS phishy!
Cyber (and general) criminals know that the nonprofit technology infrastructure isn't what it should be AND that the last two weeks of the year are when organizations receive their largest gifts of the year. Those two combined make the nonprofit sector a prime target for scams right now.
Here's an example: Last year a client received a major gift (over 6 figures) from someone who had never given to the organization before. Everyone was over the moon - a huge gift at the end of the year was just what the team needed! But then things got weird. The next day the "donor" called in and said that a relative had stolen her credit card and that the donation was made in error. CUE THE SCAM. The donor didn't want the gift canceled, they wanted a refund wired to a different bank account entirely. Luckily this client had JUST gone through a fraud prevention training and the entire organization was watching out for it, otherwise this story likely would have ended MUCH worse.
- Donation made online - credit card or bank transfer clears - IT/Digital Fundraising teams celebrate
- Wait a day or two, "donor" calls the main office line, says the gift was made in error, asks for a refund. Provides refund instructions.
- We're a donor-first organization, of COURSE we're going to help right this issue right away. Either the person answering the phone takes care of the issue OR they bring in someone from the donor services department.
- Refund is issued, funds withdrawn from the organization, but the original amount never actually clears - either the card used was stolen and the funds reported fraudulent, or the bank account provided for the transfer never existed.
If this happens to you, here's what you need to do:
- Any major gift - particularly one made online and/or from an unknown donor - should be reviewed. Does the WAY the gift was made make sense? (For example, did someone give a $10,000 gift online by credit card and cover the fees? That might be a flag, as most gifts over $5,000 don't cover fees.) Did the "donor" make multiple identical gifts of a certain amount with the same method (e.g. 3 or 4 $30,000 credit card donations) in a short amount of time? Things like this should be flagged and reviewed!
- Anyone calling in directly to your organization claiming a gift made in error or fraudulently should be considered suspicious. Fight the urge to help immediately. Instead assure the donor their gift is being flagged for further evaluation and that the organization’s finance team will follow up. This buys you time to make sure everyone is paying attention. You can ALWAYS suggest the donor work directly with their bank or financial institution to report fraud as well.
- For any suspicious gift - particularly one made online - your first call should be to your CEO/ED/President, CDO, or CFO to make sure everyone knows to be on guard. The next should be to the company you use to support online fundraising (assuming you don’t have a custom solution that you’ve built). Large gifts are going to carry heavy transaction costs, particularly ones made with a credit card. If that gift really does turn out to be fraudulent you’re still likely on the hook for those transaction costs. Make sure your platform provider knows as soon as possible so they can help you mitigate as much of those costs as possible. In the case of my client this was going to be nearly $10,000 in fees alone, but with the help of their fundraising platform we were able to erase all fees.
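The review rules from the first bullet above, written as a screening pass over donation records; this is an added example, not part of the original post. The `Gift` fields, the $10,000 major-gift cutoff and the 24-hour window are assumptions, while the $5,000 fee figure and the count of 3 identical gifts come from the post.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

FEE_COVER_LIMIT = 5_000              # post: "most gifts over $5,000 don't cover fees"
REPEAT_COUNT = 3                     # post: "3 or 4" identical gifts
MAJOR_GIFT = 10_000                  # assumption: what counts as a major gift
REPEAT_WINDOW = timedelta(hours=24)  # assumption: "a short amount of time"

@dataclass(frozen=True)
class Gift:                          # hypothetical record layout
    gift_id: str
    donor_id: str
    amount: int                      # whole dollars
    method: str                      # "card" or "bank"
    online: bool
    covered_fees: bool
    first_time_donor: bool
    received: datetime

def review_flags(gifts):
    """Return {gift_id: [reasons]} for gifts that need manual review."""
    flags, groups = defaultdict(set), defaultdict(list)
    for g in gifts:
        if g.online and g.first_time_donor and g.amount >= MAJOR_GIFT:
            flags[g.gift_id].add("major online gift from unknown donor")
        if g.method == "card" and g.covered_fees and g.amount > FEE_COVER_LIMIT:
            flags[g.gift_id].add("large card gift with fees covered")
        groups[(g.donor_id, g.amount, g.method)].append(g)
    for group in groups.values():
        group.sort(key=lambda g: g.received)
        # Slide over identical gifts, oldest first, looking for a tight cluster.
        for i in range(len(group) - REPEAT_COUNT + 1):
            run = group[i:i + REPEAT_COUNT]
            if run[-1].received - run[0].received <= REPEAT_WINDOW:
                for g in run:
                    flags[g.gift_id].add("repeated identical gifts")
    return {gid: sorted(reasons) for gid, reasons in flags.items()}

# Constructed sample records, not real donations.
T0 = datetime(2024, 12, 27, 9, 0)
SAMPLE = [
    Gift("g1", "d1", 250, "card", True, True, False, T0),
    Gift("g2", "d2", 10_000, "card", True, True, True, T0),
    Gift("g3", "d3", 30_000, "card", True, False, False, T0),
    Gift("g4", "d3", 30_000, "card", True, False, False, T0 + timedelta(minutes=20)),
    Gift("g5", "d3", 30_000, "card", True, False, False, T0 + timedelta(hours=2)),
]
```

A flag here means "hold for human review", not "reject": the flagged gift still goes through the escalation steps in the bullets above.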
Remember, it's always OK to wait a few days to respond to a donor asking for help with a huge transaction - particularly if they're claiming it was made "in error."
DON'T let this happen to you. PLEASE. Like/Comment/Share this post - I don't want to see ANYONE go through this this year.