Last week, after Cyber Monday, came Giving Tuesday. While this day is a great idea for organizations and people to give back to those in need, scammers saw this as a target rich environment to try and scam those wanting to help out of money.
The Better Business Bureau provided some helpful tips to help anyone wanting to donate wisely and make the most of their generosity this holiday season and all year round:
- Watch out for name similarities – Before you give away any money, make sure you have the exact name of the charity you’ll be donating to.
- Review the website carefully – Check the website of the organization you’re donating to. Make sure the typical items of mission, goals, and criteria of achievements are listed.
- Avoid on-the-spot donation decisions from unfamiliar organizations – Don’t be pressured to immediately donate. It’s okay to take your time in researching who you are donating to.
- Be wary of emotional appeals – Marketers will try to pull your heart strings during the holidays, but so will the bad guys. Make sure to diligently research the organization.
- Check with state charity officials – You can check the National Association of State Charity Officials (NASCO) website to verify the charity’s validity.
- Avoid charities that don’t disclose – Be more alert of charities that don’t disclose where they are donating.
- Rely on standards-based evaluations – Make sure the charities are trustworthy by using certain evaluation templates.
- Research tax status – You can verify the tax status by using the IRS Tax Exemption Organization Search to check an organization’s tax status.
For more information on how you can stay safe this holiday season, check out the BBB’s free Wise Giving Guide. Year after year, the bad guys prove there is no social engineering scheme that is too low for them to use in their attacks.
Also reported to firstname.lastname@example.org these past couple of weeks (please note these all came from external email addresses):
- [Ext] For faculty/staff: Dean hides author’s identity – Phish wanting you to search for a YouTube clip. This phish was customized for our different colleges, i.e. Nursing’s subject line read “For Nursing Faculty, Staff” while people in Pharmacy got “For Pharmacy faculty/staff”.
- [Ext] Doc(s) Daily delivery #-00879436 – looks like a message from eFax, the email address is from Brazil.
The Office of Cybersecurity has created the Phish Bowl, a website where you can check to see what has been reported to email@example.com and learn what makes it a phish or a legitimate email. Bookmark the page for an easy way to check and see if what’s in your inbox has been reported already. Find the Phish Bowl at https://uthsc.edu/its/cybersecurity/phish-bowl.php.