Many of us grew up with Saturday morning children’s cartoons. Is it me, or did every cartoon villain look the same? They always tiptoed towards their intended target and hoisted big empty sacks over their shoulders (the better to cart away their loot!). Everything about them screamed VILLAIN in all-caps.
Well, of course, it was easy to identify the bad guys in those old cartoons. After all, they were created for children’s entertainment, and kids like things simple. But don’t we all? We all long for it to be easy to identify the ‘bad guys’ out there, and that includes cyber crooks as well as the classic cartoon crooks.
As organizations struggled to cope with the many changes initiated by the coronavirus pandemic, cyber crooks were already on the hunt for their next victim. Many found easy targets among the small businesses, including nonprofits, in turmoil. With no routine of daily interaction among employees, no easy way to reach fellow workers with questions, and security loosened across IT networks to let staff work from home, cyber crooks didn’t need to tiptoe around in the dark. They acted boldly, and many organizations succumbed to their lures.
Don’t be caught by cyber crooks this year. Know the signs of cyber fraud and protect your nonprofit from the current scams as well as general scams aimed at stealing your data.
Email Fraud – CDC Fake Emails
It was inevitable that criminals found a way to exploit people’s trust in the CDC. One common cyber fraud scam sent organization owners emails purporting to be from the CDC, with a link in the email text that encouraged them to click for more information.
Savvy recipients spotted several issues with the “CDC” emails that can help you recognize and avoid such phishing emails in the future.
- Recipients hadn’t contacted the CDC and wondered how the CDC obtained their email addresses.
- Sharp-eyed people recognized that when they held their mouse over the CDC link, it pointed to another website.
- The wording, spelling, and grammar weren’t quite right in the email. It was as if someone had run the text through Google’s translate feature. (Perhaps they had.)
- The email requested personal information to respond, including the recipient’s email address and corporate login information. The CDC wouldn’t ask for that information.
These are all signs of a typical phishing email. Other signs include a generic salutation, fuzzy logos (because they are cut and pasted from the web), or fonts that look odd compared to actual communication from the company, firm, or government agency.
When in doubt, never click a link. Instead, open a fresh browser window and visit the site on your own. If there is no message pertaining to the topic of the email, it was likely a phishing scheme.
Specific Nonprofit Risks
As a nonprofit organization, you’re probably soliciting donations online right now to make up for lost revenues from canceled in-person events.
However, constituents are bombarded right now with both legitimate and not-so-legitimate requests for funds from charities and fraudsters pretending to be charities.
How can you help them distinguish between actual charitable solicitations and fraudulent ones?
- Remind constituents that they can always visit your website and donate on their own – they do not need to do so through the link in your email (a cyber crook would never say this).
- Through your website, continually offer updated information on funding campaigns, progress towards goals, and financial information
- Remain transparent with all financial dealings
The key to helping constituents feel comfortable enough to give online is to maintain clear and honest communications about your nonprofit’s finances. Now is the time to offer great transparency into your organization’s finances and to reassure donors at every step of the way that their money is being put towards the work of the organization.
Mitigating Cyber Security Threats with the Right Technology
Awareness and training go a long way to reduce the risk of cyber fraud, especially phishing schemes like the first one we described. Nonprofits can also reduce their risk by maintaining dedicated VPN lines: special encrypted inbound connections that keep their servers secure.
Overworked IT departments, older software, and similar factors can make your nonprofit vulnerable. Close these gaps now before it’s too late. In 2019, data breaches exposed over 4 billion records, and the companies in the thick of such data breaches found themselves embroiled in months of clean-up work. Not all of these companies were big corporations, either. Small businesses and nonprofits are especially vulnerable because cybercriminals know they don’t have a big team of IT professionals on call to handle cybersecurity.
Take time now to update your systems, review cybersecurity procedures, and work with a company such as Welter Consulting to prevent cyber fraud. Criminals don’t tiptoe through backyards carrying big sacks like in the cartoons. They sneak in through emails, attack vulnerable software, and look for small businesses unable to fight back. The time to shore up your defenses is now.
Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you with your accounting needs. Please contact Welter Consulting at 206-605-3113 for more information.