📍 It's our firm belief that the dangers of phishing and scamming should be talked about over and over again. Why? Because phishers and scammers keep evolving. Since there are living human beings behind all those harmful activities, they keep coming up with new ideas on how to cheat money out of people, destroy their businesses and reputations and make their lives miserable. Aside from advanced anti-malware and email safety culture, our main weapon is constant awareness and the ability to adapt.
This subject is particularly relevant right now as the world responds to Russia's invasion of Ukraine by creating crowdfunding platforms and providing financial support to the people of Ukraine. Unfortunately, scammers and phishers have no qualms about using a good cause to their advantage. Because many businesses and companies spoke out about their support for Ukraine, they are at risk of being approached by phishers posing as humanitarian organizations. They would use Ukrainian flag logos 🇺🇦, hit you with shocking information, and ask for donations.
However, dirty tricks like that should not divert people from doing the right thing. Phishers and scammers must be re-directed to spam folders and reported, not allowed to become an obstacle between you and your wish to contribute.
So, what do you do with the charity phishers? How do you tell them from real organizations? How do you prevent them from finding their way to your mailbox?
In this blog post, we’ll figure it out together!
How to tell charity phishers from credible senders?
Ukraine-themed phishing campaigns have been sneaking 🐍 their way into the recipients’ inboxes since February 24th. Unfortunately, phishers are too eager to push all the emotional triggers they can reach - and war provides plenty of those.
This is why it's extremely important to keep a cool head when you read an email from an alleged charity organization asking you to donate some money to buy supplies for Ukrainian children or refugees. There is a simple and quick way for you to determine whether you're dealing with a real entity or someone's scam.
- Find them online. Every charity or humanitarian organization has a platform to promote its mission and involve people from all around the world. So, of course, they would have a website or at least some kind of online presence. If you find nothing about the mentioned organization or come across an obscure website without active social media, testimonials, and social proof, you have all the reasons not to respond to the email and send it to spam.
- Pay attention to bank details. It’s worth noting that charity phishers and scammers would avoid adding bank accounts or providing credit card numbers 💳 when asking for donations. Instead, they always accept donations in cryptocurrency only. It's logical for them - cryptocurrency transactions are hard to trace and, therefore, safe for them. However, for the large majority of organizations, it's still an unorthodox payment method - some of them use it as an additional way to donate, but would always provide bank details and clear instructions on how to fund their cause. So, if a random charity company representative asks you to donate in Bitcoin, it's a huge red flag. Don't trust an incoming email - always go to the official website of a charity organization and check its payment details.
- Steer clear of emotional triggers. War always brings suffering, pain, and loss. However, phishers are notorious for trying to piggyback on tragedy and would push their fingers into an open wound to elicit a reaction from you. In contrast, legitimate organizations, especially those that connect with companies and businesses, prefer to keep their message short and calm. They are honest about the crisis but prefer to outline what their recipients can do for them and how they can change things for the better together, rather than shame them into donating. Legitimate organizations also provide reports on what donations were spent on, accounting for each dollar invested. So, if the received email puts heavy emphasis on the crisis and suffering, creates a feeling of urgency ("we must take action NOW"), but provides no plan of the said action or proof of their activity, it shouldn't be trusted.
- Say “Nope!” 🚫 to deceiving or urgency-inducing subject lines. Some charity phishing emails are too dangerous to open - they may contain hidden links that you could click unknowingly, triggering a malware or spyware download. Such emails will try to catch your attention with emotional blackmail or tricky subject lines, such as: "It’s up to YOU to make a difference!", "NOBODY is talking about it! It’s time to make a move!", "They need your HELP!!!", "You can SAVE THE WORLD".
Appeal to emotion is the cheapest trick in the book - and it shouldn’t be used to compromise the safety of your business network.
Charity organizations are also aware of charity phishers. So they usually do their best to prove their credibility, attaching social proof, informing you of what kind of aid they want you to donate to, and always offering several ways to invest. Additionally, they make sure to promote their presence and interact with as many companies and organizations as possible.
🇺🇦 For instance, Come Back Alive is the largest non-governmental Ukrainian organization in Ukraine that specializes in supporting the Armed Forces of Ukraine by providing them with medical supplies, lighting equipment, and laptops. Understanding the importance of visibility, the team of Come Back Alive has a massive online presence - from website to platforms on Facebook, Twitter, and YouTube - and has partnered with many Ukrainian businesses to spread their message and educate people on what they do.
They regularly report on their recent progress, providing information on what they purchased thanks to the donated funds and explaining to their audience how much of a difference every contribution has made so far. Their company is easy to find online, they are very transparent about their activities and keep people updated on their work - all that makes them a shining example of a legitimate and reliable charity organization.
How to keep your mailbox safe from scammers?
A good way to keep your inbox clean of scammy or suspicious emails is to make sure they never reach you and end up in a spam folder instead.
Proper mailbox safety depends on three things 💪:
- Anti-malware. There are many anti-malware programs for every goal and purpose. Tools like Norton keep your log-in data safe, alert you to suspicious behavior, and intercept and isolate harmful files and viruses. Having good anti-malware software to protect your entire network is simply a must.
- Email safety guidelines. The majority of phishing problems happen due to a glaring ignorance about email safety protocols. For example, scammers were able to spoof the WHO domain name to send scammy phishing campaigns - all because the WHO didn't have a DMARC policy and left its data vulnerable. Therefore, if a credible organization doesn't protect its domain name and sender information with an SPF record, a DKIM signature, a DMARC policy, and a BIMI record, it's quite easy for phishers to use its image for scamming people. The only way to remedy it is to keep educating people on healthy email outreach and the most foundational ways of protecting their email.
- Human factor. Your employees are your strongest asset. However, phishers and scammers will never stop looking for a weak link - for a person in your company who can be manipulated or tricked into letting them in. This is why phishing blackmail and CEO fraud exist. Charity phishing will try to take advantage of your employees’ empathy as well - so your task is to instruct them on what they should do when they receive a “charity email” and how to differentiate between a real message and a scammy one.
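To make the email safety guidelines point concrete, here is an added example (not part of the original post) that audits the SPF and DMARC TXT records a domain publishes and reports the gaps that leave it easy to impersonate. The record strings and the example.org domain are constructed samples; in practice you would feed in the TXT answers for your own domain and for `_dmarc.` under it.

```python
# Added example: offline audit of published SPF and DMARC TXT records.

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "").lower() != "v=dmarc1":
        return None
    tags = {}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def spf_all_qualifier(txt):
    """Return the qualifier on the 'all' mechanism ('+', '-', '~', '?'), or None."""
    for term in txt.lower().split()[1:]:
        if term.lstrip("+-~?") == "all":
            return term[0] if term[0] in "+-~?" else "+"  # bare 'all' means '+all'
    return None

def audit(domain_txt, dmarc_txt):
    """domain_txt: TXT strings at the domain; dmarc_txt: TXT strings at _dmarc.<domain>."""
    findings = []
    spf = [r for r in domain_txt if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        findings.append("spf: no record" if not spf else "spf: multiple records")
    elif spf_all_qualifier(spf[0]) not in ("-", "~"):
        findings.append("spf: no restrictive 'all' (redirect= is not followed here)")
    dmarc = [t for t in map(parse_dmarc, dmarc_txt) if t is not None]
    if len(dmarc) != 1:
        findings.append("dmarc: no single valid record")
    else:
        policy = dmarc[0].get("p", "").lower()
        if policy not in ("quarantine", "reject"):
            findings.append("dmarc: p=%s, receivers are not asked to block failures"
                            % (policy or "missing"))
        elif dmarc[0].get("pct", "100") != "100":
            findings.append("dmarc: pct=%s, policy covers only part of the mail"
                            % dmarc[0]["pct"])
    return findings

if __name__ == "__main__":
    # Constructed sample: SPF is published, DMARC is monitoring-only.
    sample_domain = ["v=spf1 include:_spf.example.org ~all"]
    sample_dmarc = ["v=DMARC1; p=none; rua=mailto:dmarc@example.org"]
    for finding in audit(sample_domain, sample_dmarc):
        print(finding)
```

An empty result means both records are present and enforcing; DKIM is left out because its selectors cannot be discovered from the domain name alone.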
Keeping your data and mailboxes safe from phishers is a never-ending endeavor - you can't expect to implement several security measures and stop at that. You will have to repeatedly improve your security, educate your team and contribute to raising awareness about the dangers of phishing. This task can be taxing at times, but not as taxing as fixing the damage done by phishers if they manage to get their way.
Bad people always find a way to manipulate the right cause to their advantage 😔. But the best things and moments happened thanks to good people standing their ground and following their choice to reach out and help. Staying empathetic, yet cautious and attentive to details will help you do the right thing without falling victim to fundraising phishers.
- Always check bank details before making a decision. Be wary of organizations that rely solely on cryptocurrency when asking for donations. While payments in Bitcoin exist, ensure these payments are executed by large and trusted cryptocurrency companies.
- Another good way to separate fundraising scammers from well-meaning people is to read into their message. Scammers would always try to shock you or guilt you with urgency, so you would think less and pay up faster. Meanwhile, legitimate senders make it clear - whether you help or not, is up to you. Their goal here is to spread the information, instruct you on the ways you can help, and let you make your own choices.
- It's important to remember that phishers and scammers get particularly invasive during times of crisis. Keep your email safety protocols properly built and your anti-malware up-to-date - it will always protect you and your team from the most aggressive types of phishing emails and ransomware.
🙏🏻 If you have been considering contributing to a fundraising organization, don't wait for a random email to give you a sign. Find a fitting platform yourself and make the first step. Luckily, there are many companies to choose from and they all provide instant feedback as well as the way to track where your donations go and what they are spent on. This way, you will be aware of a reliable fundraising organization you can work with and never worry about compromising your mailbox.