By Drew Fox Jordan • December 1, 2020

    This Giving Tuesday, Hackers Are Going Phishing. Don't Take The Bait.

    On a day like Giving Tuesday, fundraisers are being pulled in all different directions. They don’t have time to carefully inspect every email that comes through their inbox to make sure it isn’t spam. This provides malicious actors a perfect opportunity to take advantage of a lack of attention to security. The consequences are far-reaching and very costly, ranging from organizational reputation to potentially huge sums of money in ransoms.


    This Giving Tuesday, Hackers Are Going Phishing. Don't Take The Bait.

    So how can fundraisers protect themselves and their organization from a potential data breach? Here are some easy tricks to quickly identify phishing attacks and how to avoid them:

    Identify the bait:

    Scammers might send a fundraiser an email posing as another nonprofit asking for a donation because they know that gift officers can be donors too! This email will ask you to click on a link, give a password, or bank account information. If the fraudulent link is clicked, the scammer can install malware on your device and compromise the entire system - in this case, the database of the fundraiser’s nonprofit organization - putting that donor data at risk. Because of the time-sensitive nature of Giving Tuesday, this appeal will often prompt you to act quickly. Taking the time to properly vet that email might be a difference-maker in keeping your organization safe.

    Avoid the hook:

    Dive deeper into checking out the validity of the email by looking up the website or phone number of the organization contacting you. Rather than calling the phone number provided, call the organization directly and ask about the email you just got if you think it looks suspicious. Oftentimes, being able to inquire about a possible scam directly can confirm that it is a fake email without having to do much digging.

    These scams will often have some tell-tale signs that expose it as being fraudulent. First, do you have any history of giving to this organization? If you have never heard of the organization before, there is a good chance it is not a legitimate nonprofit that already had your contact info in their system. Second, these messages often have poor spelling and grammar, or missing your name. Lastly, these emails request personal information. Scammers are relying on you being distracted and providing sensitive data without a second thought.

    Protect yourself:

    Phishing emails have gotten more sophisticated and realistic in the past couple of years. Detecting them is becoming more difficult for employees that are just trying to get their jobs done. Legacy end-point security software can no longer detect many complex scams due to the advanced nature of the attack. Ultimately, protecting yourself and your organization will come down to what is known as Human-Layer Security, or HLS.

    Mistakes due to human error are inevitable, but the negative consequences are not. By focusing on HLS, Gravyty Guard protects against the vulnerabilities that will define the next decade in the nonprofit sector by alerting employees of potential data breaches before they happen.

    Gain insight into your organization's human-layer security posture by taking our FREE 15-minute data security health assessment. You’ll receive insight into potential threats to your donor data’s security and steps you can take to prevent a data breach that places your donor’s data, and trust, at risk.



    Posts by Topic

    see all