Not-for-Profit Scams to Put on Your Radar
Swindled, taken, hoodwinked, duped, conned—call it what you like. Many not-for-profit organizations continue to be soft targets for fraud. According to a Global Fraud Study by the Association of Certified Fraud Examiners, not-for-profit organizations lose approximately 5% of their revenues each year due to fraud.
Not-for-profit organizations are often at a disadvantage to their for-profit counterparts due to their limited resources. Those organizations lacking stronger controls and experienced staff could set the stage for fraud. Unfortunately, fraudsters at not-for-profit organizations don’t fit a certain model. They can be internal or external parties. They span different ages and range from volunteers through executive directors. One key to defeating fraud is to recognize the various types:
The Donation Refund
This is where a bad actor, using a stolen credit card or bad checks, sends a large donation to the not-for-profit. After the scammer receives a thank-you acknowledgement, he or she contacts the not-for-profit and indicates a mistake was made. Instead of a $7,000 donation, it was meant to be $700. He/she then asks the not-for-profit to refund the $6,300 difference.
These include a variety of computer-based tactics that scammers use to get not-for-profit employees to release valuable information by clicking on a corrupted link or opening a malicious attachment. This includes viruses (may allow the perpetrator access to the not-for-profit’s computer systems); phishing (emails that fool staff into providing information such as passwords and donor information), and ransomware (a virus that can lock a computer system until a ransom is paid).
The Phony Boss
Here, there is a request from a seemingly senior member of the organization. For example, someone claiming to be the executive director sends an email to the accounting manager asking for a wire transfer of funds to an account related to the organization’s annual gala. (The perpetrator has probably researched to find out personal and professional information about the ED.) To the accounting manager, everything appears to be legitimate.
While bad actors are always coming up with new techniques, you still need guard against traditional fraudulent activities: using company checks or credit cards for personal use; payroll schemes regarding hours worked, pay rate or paying “ghost” employees; skimming donations before they are recorded; paying dummy invoices; or tampering with financial statements.