Even when everything is going right, running a nonprofit can mean operating with limited funds and tight budgets. It is vital that nonprofits are good stewards of the funds entrusted to their care. Unfortunately, there are individuals who may try to take advantage of your organization through fraud. There are many types of threats nonprofits face relating to digital giving and below are a few specific scams of which nonprofit professionals should be aware.
In this situation, an individual may send a donation via check or credit card and then notify you that they inadvertently donated more than they intended. Upon noticing the “error,” they request that you promptly refund the excess donation. As many organizations want to provide excellent donor stewardship, the instinct may be to try and process this request as quickly as possible.
Oftentimes, the refund is requested to be sent via wire, peer-to-peer payment apps or to a credit card that is different from the original payment method. The original donation may have been made with a fraudulent check that will eventually bounce, or with a stolen credit card, meaning you have sent the scammer funds they never sent you.
To avoid such a scam, make sure the original funds are fully deposited into your bank account before considering any sort of refund. Consider developing policies that require contacting your bank for verification of deposit and availability of funds before a refund can be processed. Involving multiple people in a well-defined refund process also provides more opportunities for a scam to be noticed.
Want to read more? Here are helpful articles on this type of scam from the Oregon Department of Justice and State of Michigan Attorney General.
Nonprofit organizations can be targeted by gift card scams, in which scammers pose as donors or high-ranking employees within the organization. They may contact employees or volunteers, often via email or phone, claiming an urgent need for gift cards to support a cause or assist someone in immediate need. The scammer instructs the recipient to purchase gift cards with organizational funds and send them the codes. Once the codes are sent, the scammer quickly redeems them, leaving the organization with no recourse or ability to recoup the lost funds.
To reduce your risk of this scam, consider policies that require employees to make a phone call to verify any email requests that involve financial assets. Strong cybersecurity training can also help employees spot scams and attempted fraud.
View Church Mutual’s collection of cybersecurity resources for more cybersecurity-related information.
You've been planning all year for your popular annual fundraising event and the day has arrived. Then you discover a volunteer, who has sold raffle tickets at this event for five years, has only submitted a portion of the cash they collected back to the organization at the end of the event. Upon further investigation, it is discovered they have been doing this for multiple years and have stolen thousands of dollars from your organization.
If you allow volunteers to handle cash independently and have no method of accounting for the total number of tickets sold, and the corresponding amount of money that should have been turned in by each volunteer, your risk of theft is elevated. By requiring people who handle cash to work in teams and creating a stronger accounting system for cash handling, the opportunity for this type of fraud can be reduced.
Bad actors may attempt to gain access to organizational funds by submitting fraudulent invoices. These invoices may appear legitimate; however, pay close attention to mailing addresses and website URLs to ensure you are sending funds to the correct place. While these fraud attempts most commonly show up as an email, ensure your staff are paying close attention to paper invoices as well.
To prevent this scam, consider contacting vendors directly using known contact information. If there are any suspicions as to the invoice’s legitimacy, it is best to slow down, pay attention to details, and seek the counsel of others at your organization before proceeding.
As nonprofits may not have cybersecurity or fraud prevention departments, strong policies and regular training are vital to protecting your financial assets. By developing written policies for donation refunds, gift card requests and cash handling, you can lower your risk of being the victim of fraud and may reduce the expense of unnecessary credit card processing fees.
Strong internal financial controls such as segregation of financial duties, developing cash handling procedures, and providing regular financial reports to stakeholders can be simple ways to increase your organization’s resilience to fraud. Consider reviewing the Oregon Department of Justice’s Financial Control Recommendations for Small Nonprofits or consult with someone knowledgeable in your jurisdiction for tips and best practices.
Provide regular training for employees and volunteers who have access to company funds. While there are many topics to address, consider increasing awareness and reporting of any financial situation that is unique or has an unusual sense of urgency. Scams targeting nonprofits often exploit the goodwill and urgency of nonprofit work, making it crucial for organizations to educate their staff on recognizing and avoiding such fraudulent requests. Encourage your employees or volunteers to slow down and directly reach out to a co-worker before taking financial action. A little extra communication can go a long way in preventing common scams.
With rapid advances in technology, scammers and thieves are constantly on the hunt for new ways to take advantage of nonprofits and other purpose-driven organizations. It is important to regularly review your policies and procedures, as well as receive additional risk management support from a source who is knowledgeable and up to date on current trends and your organization’s vulnerabilities.
