Summary: Nonprofit donors are frequently targeted by scammers and fraudsters looking to take advantage of a crisis and the donors’ desire to help. In this article, we’ll discuss how small nonprofits can protect their donors by sharing clear, reliable information that reduces the risk of falling victim to these criminals.
The sad reality is that scammers love to exploit tragic events (natural disasters, terrorist attacks, mass shootings) and serious circumstances (domestic violence, child trafficking) and prey on people who want to help.
In fact, the FBI Internet Crime Complaint Center (IC3) received more than 4,500 complaints totaling approximately $96 million in losses to fraudulent charities, crowdfunding accounts, and disaster relief campaigns in 2024.
To make matters worse, scammers are often well-funded, highly organized, and incredibly skilled at deception. They spoof or hack legitimate email addresses, impersonate real people who work for nonprofits, and create professional-looking emails and websites that can trick even tech-savvy targets.
The good news is that your nonprofit doesn’t have to employ a cybersecurity or fraud expert to protect your donors from scams and fake fundraisers. You can just share clear, verifiable information and instructions!
Proactively Communicate What’s Legit
Again, scammers can create phony… everything. The best way to convey what’s real and what’s not is to make it as plain as day to your donors – and continuously remind them! If they receive communication that doesn’t meet these specific criteria, tell them not to respond.
- Fundraising Emails. Create very specific email addresses for fundraising. Include a message in your emails and on your website and social media pages that states, “We only send fundraising emails from the following addresses – X, Y, and Z. If you receive a request for a donation from another email address, do not respond. Please notify us immediately.”
- How Donations Are Accepted. It’s not enough to say that you only accept donations through your website and by mail. Both can be faked. Provide a specific URL for a web page (ex: yournonprofitname/donate) and/or a donation form like Eleo (ex: yournonprofitname.nameofplatform.com), and provide a physical address that can be confirmed before mailing a check.
- What You’ll Never Ask. Explain to donors that you’ll protect their privacy and sensitive information by never asking them to:
- Send wire transfers.
- Share their full Social Security number.
- Provide login credentials to bank accounts.
- Donate via a personal Venmo, Zelle, or Cash App account.
- Donate via text unless they’ve explicitly signed up to receive texts.
Bonus tip! Provide specific directions for reporting suspicious donation requests. You can’t take action if you don’t know what’s happening! Tell donors how to report scams and what information to provide so you can investigate.
Offer Tips on How to Spot Scams
Some scams are obvious. Most are not. But there are simple ways to spot common fraud techniques that you can share with donors. For example:
- Look for misspellings. A scammer will often try to fool donors with email addresses and URLs that are slightly misspelled or missing a letter. They hope the intentional errors are so minor that you won’t notice them.
- Hover over email addresses and web links. They may appear legitimate, but hovering over an email address or web link will show you the actual address or link before you click. Only click if it matches those from your pre-approved list.
- Watch for “thank yous” for donations you didn’t make. A common scam technique is to ask victims to confirm a payment, claim a prize, etc. For nonprofit donors, they send “thank you” emails, hoping you’ll click through to see a personal message on a fraudulent site. Don’t do it.
- Be aware of imposters. Lookalike websites, donation pages, and social media pages are easy to create. Only click and engage if you’re sure the page and link are legitimate.
Bonus tip! Create a clear verification path. For example, “If you’re not sure an email, social media post, website, or fundraiser is legitimate, contact us directly at (phone number) or (email address). We’re happy to answer your questions before you give.”
You can also create a permanent page on your website (Verify Donation Request or Fundraiser) where you can list all information mentioned previously.
No nonprofit can prevent the constant barrage of scams and cyberattacks that donors face every day. But you CAN take steps to reduce the risk of a data breach by simply sharing clear, helpful information. Protect your donors and their sensitive data to reinforce their trust and strengthen the relationship!
