The year-end charitable giving season is one of the biggest fundraising periods for non-profits. Unfortunately, bad actors have also taken notice and are continually coming up with new ways to try to scam people out of money – and that extends to cyber fraud. Emulating charitable organizations' websites and using phishing scams are just some of the ways criminals are taking advantage of people's efforts to support good causes.

The good news is that there are some key practices you can follow to make sure you don't get scammed and that your hard-earned money is going to the right place.

Hijacking the giving season

Ever the opportunists, cybercriminals will try anything they can to steal your valuable information. Earlier this year, for instance, our FortiGuard Labs threat researchers observed a global spam campaign based on the Black Lives Matter movement. The campaign used subject lines purporting to be involved with the movement to trick unsuspecting victims into downloading and opening malicious attachments. The emails used variations in subjects and sender names to circumvent spam filters; all pretended to originate from legitimate organizations.

Similarly, we've also seen campaigns based on emails made to look like they're coming from organizations like the World Health Organization (WHO) and the Centers for Disease Control and Prevention (CDC), preying on people's fear, uncertainty and doubt around the COVID-19 pandemic. Many of those campaigns targeted hospitals, medical equipment manufacturers and health insurance companies, capitalizing on the shortage of medical equipment and supplies. But other campaigns targeted individuals with false information on vaccines or positive COVID-19 test results.

The point is that cybercriminals will seize upon good causes for bad purposes any time of year, but the season of giving offers yet another opportunity for more such activity. Scammers will take advantage of the generous spirit during the holidays with fake charity emails, social media pages and even text messages.

Verify, verify, verify!

Vigilance is key to avoiding charity scams. To start with, make sure to verify that the charity is legitimate before making a contribution and that any links provided are legitimate. Usually, the best method is to go directly to the charity's website to make a donation rather than using any links embedded in an email or other website.

In addition, watch out for lookalike websites. Make sure the charity sites that you visit are legitimate. Hover over the URLs to check for ones that use names of well-known nonprofits but add extra words and characters. Look for "https" and a lock symbol in the web address, which indicate that the connection to the site is encrypted, though not that the site itself is genuine. Be on the lookout for misspelled words and requests for your personal information.
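
For readers who screen links for an organization or a mail filter, the hover check can be automated. The Python below is an added example, not part of the original article; the domain `goodcause.example`, the result labels and the 0.8 similarity threshold are all assumptions chosen for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed allowlist: domains you have verified yourself (hypothetical name).
OFFICIAL_DOMAINS = {"goodcause.example"}


def classify_link(url, official=OFFICIAL_DOMAINS):
    """Return 'official', 'official-insecure', 'lookalike' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")

    # Exact domain or a true subdomain of it (www.goodcause.example).
    for domain in official:
        if host == domain or host.endswith("." + domain):
            # Right site, but donations should only go over HTTPS.
            return "official" if parts.scheme == "https" else "official-insecure"

    # Not the real site: does the hostname borrow or misspell the name?
    for domain in official:
        brand = domain.split(".")[0]
        for label in host.replace("-", ".").split("."):
            reused = brand in label  # name plus extra words or characters
            near_miss = SequenceMatcher(None, brand, label).ratio() >= 0.8
            if reused or near_miss:
                return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for link in (
        "https://goodcause.example/donate",
        "https://goodcause-donations.example/give",
        "https://goodcause.example.give-now.test/",
        "https://go0dcause.example/",
    ):
        print(link, "->", classify_link(link))
```

A result of "unknown" only means the link does not resemble a verified charity; it says nothing about whether the site is safe.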

The FTC also advises that when you consider giving to a specific charity – particularly one you haven't heard of before – search its name plus the words "complaint," "review," "rating" or "scam."

Avoid public WiFi

Making donations at home on a private network is one thing. However, you may want to think twice before doing so using a public WiFi connection from somewhere like a coffee shop, restaurant or mall. Cybercriminals frequently hack these networks to access your data. They may even lie in wait in public areas, broadcasting a hotspot labeled "Free Public WiFi" that, when an unsuspecting visitor connects, can be used to capture all of the traffic moving between the device and another site. Avoid public WiFi if possible, unless you have a secure VPN connection, and wait until you get home to connect to a secure, trusted network.

Be careful how you pay

Unusual payment methods are often a sign to walk away. If someone wants donations in cash, by gift card or wire transfer, it's almost certainly a scam. Gift cards are a common scam method for cybercriminals, since stealing the money loaded onto them is like stealing cash: once it's gone, there's virtually no way for a victim to get it back – unlike credit card transactions, which allow chargebacks.

Credit cards, debit cards or checks are safer payment methods. These options leave a trail for investigators to follow if need be. There are new, even more secure payment options, as well. For instance, some banks have begun offering dissolvable credit card numbers that are generated for a single transaction.

Staying safe while being charitable

'Tis the season to give – and to scam. There are some basic cyber hygiene security tips to follow that will keep you safer across various activities in life, not just donating. They include:

  • Set a strong password for every online account, making sure not to repeat the same password across any two platforms.
  • Use a password management app to keep track of different accounts.
  • Regularly update your login credentials and monitor your payment accounts for signs of unusual activity.

Report any scams you come across to FTC.gov/complaint and to your state's charity regulator, which can be found at nasconet.org. Remaining vigilant and using good cyber-sense before you click a link will help you feel good about giving and ensure that your kind gesture goes to charity rather than into the pockets of criminals.

(Aamir Lakhani is a cyber security researcher and practitioner at FortiGuard Labs)