On this week’s episode of the CyberWire’s Hacking Humans podcast, Dave Bittner and Joe Carrigan discussed a story written by two lawyers for Church Law & Tax that warns of a type of scam involving donation refunds.
In this scam, a fraudster contacts a church or another nonprofit and says they’ve accidentally donated a much larger amount of money than they intended — for example, $5,000 instead of $50. The treasurer at the organization checks the online donation records and sees that there is a recent donation of $5,000 from someone using the same name as the caller. The treasurer, wanting to be helpful, issues a refund of $4,950.
Several days later, however, the bank issues a chargeback for $5,000 due to insufficient funds in the scammer’s account. The victim then realizes that the $5,000 was never in the church’s account, and the scammer received a $4,950 refund for a non-existent donation.
Bittner noted that the attorneys writing for Church Law & Tax make the point that nonprofits can’t simply hand out refunds haphazardly, and that nonprofits have no legal obligation to refund donations at all. However, the attorneys add that most churches and nonprofits would feel a moral obligation to refund someone who accidentally donated a large chunk of their income, so these organizations should have trained personnel and clear protocols for handling such requests.
Carrigan added that organizations can protect themselves against this scam by waiting until payments have been cleared by the bank before touching the money. He said that the scammers deliberately make the situation sound dire so that the victim doesn’t stop to think.
“That's one of the tactics of these scammers. They try to make it urgent and to short-circuit your thinking and to get you to react without going through the proper processes,” Carrigan said.
Employees need to be aware of how financial transactions work and the ways in which scammers exploit features of the banking system. New-school security awareness training can make your employees resilient to social engineering attacks by building a culture of security within your organization.
The CyberWire has the story: https://thecyberwire.com/podcasts/cw-podcasts-hh-2019-08-01.html
Link to Church Law & Tax article: https://www.churchlawandtax.com/blog/2018/june/what-to-know-about-new-donation-scam.html