The IRS has released its annual Dirty Dozen list, which raises awareness of the biggest scams taxpayers are likely to fall prey to each year. Included in the IRS 2024 Dirty Dozen is a reminder of a common scam those in the not-for-profit sector know all too well: identity theft via fraudulent donation requests.

Although you should have confidence that your organization’s donors and the general public would be able to spot illegitimate requests for money, too many cybersecurity breaches are occurring. Often, cybercriminals make requests in the aftermath of a real current event that would spark interest in a particular not-for-profit’s mission. With some of these requests, the criminal poses as a completely fictitious organization, some are veiled to deceive well-meaning donors by using similar names or logos to legitimate charities or stealing a not-for-profit’s likeness entirely.

Steps You Can Take to Safeguard

As a not-for-profit, reputation management is key to maintaining devotion to your mission, and this begins with building trust. Proactively communicating with your audience is key to maintaining strong relationships — and here are some ways to start this conversation with your audience and employees.

• Be transparent about how your organization does (and does not) fundraise. Have information containing your organization’s fundraising policies readily available on a verified site — can people expect emails, calls or texts from you? Are credit card payments made through a secure portal? What is the correct address for mailing checks? Conversely, clearly outline that your organization will never ask for donations in the form of gift cards or wire transfers, and will not ask for sensitive personal information, like Social Security or driver’s license numbers, from donors.
• Keep donor information secure. Cybercriminals can’t access data you don’t store, so it’s best to ensure your organization isn’t saving any information about donors that you don’t need. Be forthcoming with your regular donor base about information that may be stored and how it’s used.
• Implement strong cybersecurity measures and education. Although these scams sometimes originate without any hacking, having strong security measures in place to protect donor information is always a good idea. Review and update your organization’s password requirements, firewalls, encryption and internal education procedures for employees (i.e., conducting phishing tests, mandatory information technology (IT) training and more).
• Revisit security policies on a regular basis. For those organizations that don’t already have routine cyber hygiene policies in place, it’s best to enact policies to regularly update passwords (to official sites and accounts as well as for each employee), your document retention policy and evaluate any third-party vendor relationships your organization has that may be storing sensitive information. In a sector where many people are stretched thin, it’s imperative that routine cybersecurity audits don’t fall by the wayside.

Connect With Us

At CBIZ and MHM, our team of experts is dedicated to supporting your not-for-profit organization's unique needs. Our professionals are equipped to offer tailored assistance that enhances your organization's efficiency and effectiveness. Connect with one of our not-for-profit practice leaders today to explore how we can assist you in prioritizing your mission.

Copyright © 2024, CBIZ, Inc. All rights reserved. Contents of this publication may not be reproduced without the express written consent of CBIZ. This publication is distributed with the understanding that CBIZ is not rendering legal, accounting or other professional advice. The reader is advised to contact a tax professional prior to taking any action based upon this information. CBIZ assumes no liability whatsoever in connection with the use of this information and assumes no obligation to inform the reader of any changes in tax laws or other factors that could affect the information contained herein.

CBIZ MHM is the brand name for CBIZ MHM, LLC, a national professional services company providing tax, financial advisory and consulting services to individuals, tax-exempt organizations and a wide range of publicly traded and privately held companies. CBIZ MHM, LLC is a fully owned subsidiary of CBIZ, Inc. (NYSE: CBZ).