Image source: Australian Charities and Not-for-profits Commission - Australian Charities Report 7th edition
Cybercriminals are opportunists, and they will exploit any opportunity they can get. Unfortunately, charities and not-for-profits generally don’t have the funds to spend on elaborate cybersecurity, which makes them especially vulnerable. Let’s take a closer look at how charities and not-for-profits become prime targets for cybercriminals.
Do your donations go where they’re supposed to?
Donations and gifts are just some of the ways that the generous support their favoured charities and not-for-profits, usually in the form of money. There are, of course, strict rules around who can donate, how much, and how, to keep everything regulated and above-board.
The Australian Charities and Not-for-profits Commission requires charities to provide information about their finances, and larger charities must submit an annual financial report that includes their operational costs and financial information. For most non-profits, sources of revenue can include:
Specifically, donations generally make up a large portion of the revenue coming in for charities and not-for-profits. Just as the way of working has changed due to the pandemic, so has the way donations are collected. Non-profit organisations use digital platforms designed to make the donating process as convenient as possible, enabling donors to send through their contributions in just a few clicks.
Applying the same logic, cybercriminals set traps in a way that unsuspecting users can send them funds in just a few clicks, or even get the donor’s credit card information without raising any alarm bells. One of the ways they do this is by creating their own fake charity, or even posing as a genuine charity.
While it's bad enough that the donors suffer a personal financial loss, many don’t consider the follow-on consequences for the real organisation. Many of these charities and not-for-profits build their entire reputations on trust and transparency, which is why their branding carries a lot of weight and importance. Given that donations are a big part of their revenue, any doubt in the legitimacy of a donation request can result in huge financial losses. Brand reputation is one of their most valuable assets, and anything that compromises that can be a death sentence for the organisation.
You’re donating more than just money
When you donate, you share a lot of information that hackers would love to get their hands on. First name, last name, credit card information, online account details (e.g. PayPal), email address, mobile number etc. Charities love to thank their donors, either through an e-mail or SMS, and stay in touch for more potential donations later down the track.
With these personal details, in addition to the knowledge that these individuals have been known to donate to specific charities and not-for-profits, cybercriminals can construct a highly sophisticated scam targeting these individuals. For example, a professional-looking phishing e-mail containing all the recipient’s details could lead would-be donors to a fake page that looks exactly like the charity or not-for-profit they donated to previously.
The digitally-savvy among us, especially those who have gone through some form of cybersecurity training, are generally better equipped to pick up on these highly sophisticated scams. However, this isn’t the case for everyone. It’s unfortunate, but a lot of the elderly fall for targeted scams of this type. The ACCC ‘Targeting scams’ report calls out how people aged 65 years and over reported higher losses than any other age group, with almost $38 million lost to cybercrime.