Tomorrow, November 30, 2021, is “Giving Tuesday”, which always falls on the Tuesday after Thanksgiving. Giving Tuesday is a great way for organizations and people to give back. However, it also gives cybercriminals opportunities to take advantage of you with charity scams.
The Federal Trade Commission provided some tips to help you and your users donate safely this holiday season and all year round:
- Do some research online – Start by searching for causes you care about along with phrases like “best charity” or “top-rated charity”. When you consider giving to a specific charity, search its name plus “complaint,” “review,” “rating,” or “scam.” You can use resources such as Charity Navigator or CharityWatch to verify your search.
- Be careful how you pay – If someone wants donations in cash, by gift card, or by wiring money, don’t do it. That’s a trap scammers use to take your money. Be on the safe side and pay by credit card or check, and keep records of your donations. Before you click on a donation link, check out this FTC article to help you make sure your money is going where you think it is.
- Keep scammers’ tricks in mind – Some cybercriminals try to trick you into paying them by thanking you for a donation that you never made, or using a local area code when making a call. Make sure to watch out for red flags such as guaranteeing sweepstakes winnings in exchange for a donation (it’s illegal) or claims that your donation is tax-deductible when it’s not. If you’re feeling rushed or pressured to make a donation, that should also be a red flag that something isn’t quite right.
Every year cybercriminals prove there is no social engineering scheme too low for them to use in their attacks. Use your SPAR (Security Preparedness & Response) training to spot these attempts and NOT respond to them.
What else has been reported to firstname.lastname@example.org this past week?
- [Ext] Doc Received from **phone number** – the From field says it is from a “Uthsc.edu_Scanner”, but it is an external email asking the recipient to click an attachment.
- [Ext] Twhitak Review your docusign on November 23, 2021 – like the one above, the From field says “Uthsc Doc.”, but the email address is from the UK.
- [Ext] “Recipient’s Name” – numerous employees’ names were spoofed using two specific Gmail addresses in an attempt to start a gift card scam.
- [Ext] Message to Review – asks the recipient to click on a link to review an invoice, but the email was from Japan.