November 13, 2018
Cybercriminals Target Charitable Organizations
Posted April 20, 2017
Even experienced cybercriminals need a little practice every now and then to keep their skills sharp or to master a new scheme. Lately, it seems as if charitable organizations have become their practice field.
So, why are cybercriminals focusing on charitable organizations? While money is always a factor, it could be the very nature of these organizations themselves that attract the attention of cybercriminals.
It’s All About Security
Fortune 500 companies, high-tech organizations and the like have large IT budgets and spend an enormous amount of money in an attempt to protect themselves from cybercriminals, hackers and fraudsters. However, charitable organizations typically don’t. They have tight IT budgets and limited personnel. As a result, their security teams struggle to repel these cyberthreats or aren’t even equipped to deal with them.
Obviously, organizations with less security become greater targets for cybercriminals. According to our Q4 2016 Cybercrime Report, fraud committed against charitable organizations is surging — with attacks up 35 percent compared with the same quarter last year.
But, these attacks aren’t always perpetrated with the idea of stealing money. Many are done as practice. Cybercriminals are using charitable organizations to test stolen identities, stolen credit cards and other credentials before using them for bigger opportunities.
They do this by using a stolen identity or credit card information acquired on the dark web to test charity sites and apps before making a large purchase elsewhere—resulting in pricy chargebacks for the charity.
It can even mean using bots and malware to steal identity information from the charity, or even hijack payments made to legitimate charities and funnel the money elsewhere.
Whether its chargeback fraud, phishing scams, ransomware schemes, or hijacked donations, charities are quickly finding themselves in the crosshairs of organized and networked cybercrime rings. And the impact can be calamitous.
First, there’s the theft itself, then there are the chargebacks. But, what might be even more damaging is the blow to your organization’s reputation, and the sector as a whole. Charitable organizations are always fighting to obtain donations and do everything they can to ensure trust in the minds of donors. If a charitable organization is associated with a cyber attack, that negative publicity could deter someone from making a donation to you, placing your causes in jeopardy.
Indeed, charity may begin at home, but fraud perpetrated against it has gone global. Along with homegrown fraud in the U.S., we’re seeing a notable increase in charity schemes originating from developing countries, such as Brazil, Egypt, Ghana, Jordan, Nigeria and Macedonia.
This is because cross-border transactions of all kinds continue to rise, now accounting for one in every four transactions — making them easy pickings for automated bot attacks and others.
Fighting back isn’t easy, especially for charities with limited staff and budgets. But a growing number of charitable organizations are realizing that they must take a more proactive approach to authenticating users and verifying payment transactions to avoid data breaches, session hijacking, and chargebacks from fraudulent payments.
As promising as that sounds, the cybercrime figures for Q4 make one thing clear. Organizations that don’t quickly find their footing in the fight against fraud may soon discover they’ve become the gift that keeps on giving — not to causes, but to crooks.