
3 Fraudster Strategies for Non-Profits

#FPM2023 Fraud Prevention Month. Tricks of the trade: what's in a fraudster's toolbox?

It’s that time of year again – Fraud Prevention Month 2023! In 2022 the Canadian Anti-Fraud Centre (CAFC) received 70,878 reports, of which over half involved mass marketing fraud. The CAFC received an additional 19,560 reports from victims of ID fraud. How much did this fraud cost Canadians? An astonishing $530 million in victim losses in 2022. But this is just the tip of the iceberg, as the CAFC estimates that only 5 to 10 per cent of people report fraud.

In honour of the 2023 Fraud Prevention Month theme (Tricks of the trade: What’s in a fraudster’s toolbox? What’s in yours?), in this blog we share 4 fraudster strategies to watch out for, to keep your non-profit’s data (and your members’ and donors’ data) safe and secure.

“The top three most reported types of fraud this past year were phishing, extortion and personal information scams, all frauds designed to get you to pay or give away sensitive information like your SIN #, passwords or banking details.” RCMP

#1: Convincing Impersonations

Are you sure that you’re communicating with who you think you are? You may be surprised by just how sophisticated fraudsters’ impersonations can be. They could pretend to be someone that you know, such as a trusted partner, stakeholder, or even one of your own staff members. 

In the last few years, a successful email scam that targeted staff within non-profit organizations has been making the rounds. Why was it successful? Staff would receive an email that appeared to be sent from their boss’s email address, with an urgent request to click on a link, or purchase something online. Fear of not meeting workplace expectations can make staff vulnerable to such time-sensitive requests – especially when they’re from the boss. Equally dangerous are fraudsters who impersonate staff of organizations that you have never dealt with in person or over video calls.

The CAFC recommends that you:

    • Never trust that a message is from who the sender says they are – especially when they ask you to send something.

    • Verify the person’s identity by searching online, talking to them in person, or asking questions that only they would know.

    • Hang up and call the office phone number of the company or agency in question.

    • If the caller claims to know you, hang up and make the outgoing call to the number in your contact list.

    • For emails, hover your mouse over the sender’s email address or hit “reply” to see if the email address appears differently.
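
As an added illustration (not from the CAFC or the original post), the hover and “reply” check above can be run automatically over a message’s raw headers. The organization domain, the staff name and both sample messages below are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions (hypothetical values): the organization's own mail domain and
# the display names of staff a fraudster is likely to impersonate.
ORG_DOMAIN = "example-nonprofit.org"
PROTECTED_NAMES = {"dana whitfield"}

def domain_of(address):
    """Return the lower-cased domain part of an address, or '' if absent."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""

def impersonation_flags(raw_message):
    """Return the reasons the sender identity of a message looks inconsistent."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain = domain_of(from_addr)
    flags = []
    # What hitting "reply" reveals: answers go to a different domain.
    if reply_addr and domain_of(reply_addr) != from_domain:
        flags.append("reply-to domain differs from sender domain")
    # What hovering reveals: a familiar name attached to an outside address.
    if from_name.strip().lower() in PROTECTED_NAMES and from_domain != ORG_DOMAIN:
        flags.append("staff display name on an external address")
    return flags

# Constructed sample messages (not real mail).
SPOOFED = """From: "Dana Whitfield" <dana.whitfield.office@mailbox.example>
Reply-To: director-desk@freemail.example
To: staff@example-nonprofit.org
Subject: Urgent - need this done before noon

Please purchase this online today and reply when it is done.
"""

GENUINE = """From: "Dana Whitfield" <dana@example-nonprofit.org>
To: staff@example-nonprofit.org
Subject: Agenda for Thursday

See attached.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, impersonation_flags(raw))
```

A message that forges the boss’s exact address passes both checks; that case is caught by the receiving mail server’s SPF, DKIM and DMARC evaluation, not by comparing headers.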

#2: Links That Look Legit

Shorter attention spans and busier lives create prime opportunities for fraud. Most people no longer read emails word for word. When we receive an email that looks even vaguely legitimate, chances are we will open it, read it, and likely click on the links in the body of the email. That’s exactly the action that fraudsters want us to take.

Clicking on these malicious links can have serious impacts on your systems, network, and data. Although it may seem like nothing happens when you click the link, viruses, tracking software and more may be quickly installed on your computer or device. When working on a computer (remotely or not) that’s part of your company network, there is a greater danger that the virus or malware will spread like wildfire through your entire company network.

And email isn’t the only source of malicious links. Increasingly, fraudsters are sending links via text pretending to be your bank asking for information, or a courier who is urgently trying to deliver a package. Social media platforms are also not immune.

The CAFC recommends that you:

    • Navigate to the website through your own search engine instead of clicking the link.

    • Find the contact information in your search engine and contact the company directly to see if the message you received was legitimate.

#3: Tempting Pop-Up Messages

In the process of implementing digital transformation strategies, many non-profit organizations add website pop-up messages to better engage potential members. Unfortunately, fraudsters use this tool for the same reason: it’s effective and quick, with a high ROI.

As with other fraudster strategies, urgency is a common tactic. The message will ask you to take a certain action, often based on fear tactics. They may use this in a positive way (you’re our grand prize winner, but you have to click this link to claim the prize in the next 60 seconds!) or a negative way (our scan shows that your device has a virus – click here to get rid of it NOW!). Either way, these individuals capitalize on our fears to make us take the action they want us to take – and fast.

The CAFC recommends that you:

    • Don’t use public wi-fi or unsecured networks.

    • Clear your cache and block cookies.

    • Install anti-virus protection and pop-up blockers.

    • Never call a phone number provided in a pop-up.

With tight budgets and busy schedules, it’s easy for fraud prevention to make its way to the bottom of non-profit organizations’ to-do lists. But if it stays there, you’re not just putting your organization’s data at risk. You’re also making the data of your members, donors, and valued stakeholders vulnerable too. 

If Fraud Prevention Month has inspired your non-profit to take a closer look at your vulnerability to digital fraud, please get in touch! We can help you create or revise your digital safety and cybersecurity strategies to ensure that fraudsters keep their hands off your data.