9 Email Scams Your NFP Needs to Watch Out For

Skills

Posted on

July 17, 2025

In 2022, around 333 billion emails were sent on a daily basis. That covers everything from a quick birthday message for a nephew to crucial business data on a future organisational decision. All that online activity leaves a massive opening for fraudsters, hackers, and digital thieves. 

The trick is knowing how best to protect your Australian NFP from common email scams. Being aware of them helps you minimise your risk, and it also helps you avoid sending messages that could themselves be mistaken for scams, which keeps you out of the dreaded “junk” folder of your target audience’s inboxes. 

The cost of email scams is in the billions of dollars. You need to ensure you’re working with experienced website designers and developers who can install 24/7 automated fraud protection around your website and links. Here are the top email scams you need to know to enhance your NFP’s security.

#1 – Spear Phishing

The goal of spear phishing is to use a targeted email aimed at one individual that convinces them to click on a link or hand over information that is just as valuable as money. The target is usually someone involved in the day-to-day operations of a company or organisation. These attacks appear to be authentic messages from banks, financial institutions, government agencies, and healthcare providers. 

Currently, AI-backed spear phishing scams fool more than 50% of targets. Instruct your team never to share sensitive information via email without first confirming the identity of the sender through a channel other than the email itself. 

#2 – Fake Invoicing

Any time a fraudster gains access to your organisation’s email system, they can send out false invoices to previous partners, suppliers, and vendors. Imagine a hacker sending out a 24-hour invitation to donate, with each dollar spent serving as an entry into a competition to win a new iPad, all while you’re on vacation. 

By the time you shut it down, your donors have spent thousands to millions on fake appeals, damaging your reputation and incurring financial losses. 

#3 – Unsolicited Engagement

There are famous street scams around Paris, Nepal, and Prague. They involve people walking up to targets, putting bracelets around their wrists, and then demanding payment. 

Unsolicited engagement works much the same way. You receive an email inviting you to join a local phone directory. Everything looks kosher, but once you send your NFP’s details, you receive a bill for hundreds of dollars. You have just been duped into paying for something you thought was free. 

#4 – Fake SEO

One of the most common email scams is companies posing as SEO experts requesting thousands in fees to get your NFP’s website to the top of Google results. In most cases, these “proposals” result in you sending a payment for a deposit on the work, only to never hear from the companies again. 

#5 – The Dreaded Fake Partnership

As an NFP, you are highly sought after by fake nonprofits offering to partner with you. The email could appear incredibly authentic and even link to a real website, but when you contact the actual company, they cannot provide the information to verify the email. In many cases, they’ve never heard of the email you’re referencing. 

Always, always, always reach out to the actual website of a potential nonprofit partner. If they don’t have a presence in the community you’re serving, you should be on your guard.

#6 – Vanity Awards

Being able to post a letter or icon on your NFP’s website about winning an award is a fantastic way to gain more traction. It boosts your reputation and authority in your niche market. 

Scammers know you want that validation and will use it to offer “vanity” awards. These are awards that involve paying a fee. If the prize were genuine, you wouldn’t have to pay a thing. 

There are some awards you can enter that involve an “entry fee,” but they are not likely to solicit your attention via email. It helps to know the difference. 

#7 – Misspelled Emails

You don’t want to list staff email addresses on your website. Having something like paul.jones@nameyourcompany.com on display provides a template for hackers. They can then create a fake or spoofed email account by changing a single letter. The address will appear authentic if you glance over it quickly, but it actually belongs to someone completely different. 

The next time you share an update about mission goals, donor lists, or upcoming financial decisions with someone you thought was a trusted CEO, you’re handing that data straight to hackers. 
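One defensive check for the one-letter swap described above, added here as an example that is not part of the original article: it parses a From: header, compares it against a constructed allowlist of mailboxes the NFP knows to be genuine, and flags any address that is within a single character edit of a trusted address or domain, or that shows a trusted address as the display name over a foreign mailbox. All addresses are hypothetical.

```python
from email.utils import parseaddr

# Constructed allowlist of mailboxes the NFP knows to be genuine.
# Hypothetical addresses, not taken from a real organisation.
TRUSTED_SENDERS = {
    "paul.jones@nameyourcompany.com",
    "finance@nameyourcompany.com",
}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character insertions, deletions or
    substitutions needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, trusted=TRUSTED_SENDERS) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for an RFC 5322 From: header.
    'lookalike' = one edit away from a trusted address or trusted domain, or a
    trusted address displayed as the sender name over a different mailbox."""
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    if addr in trusted:
        return "trusted"
    if "@" in display:   # e.g. "paul.jones@nameyourcompany.com" <attacker@...>
        return "lookalike"
    domain = addr.rpartition("@")[2]
    for known in trusted:
        known_domain = known.rpartition("@")[2]
        if domain != known_domain and edit_distance(domain, known_domain) <= 1:
            return "lookalike"   # typosquatted or homoglyph domain (o -> 0)
        if edit_distance(addr, known) <= 1:
            return "lookalike"   # one character changed in the local part
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers: one genuine, three lookalikes, one unrelated.
    for hdr in ["Paul Jones <paul.jones@nameyourcompany.com>",
                "Paul Jones <paul.jones@nameyourc0mpany.com>",
                "Paul Jones <pau1.jones@nameyourcompany.com>",
                '"paul.jones@nameyourcompany.com" <attacker@mail.example>',
                "News <newsletter@other-charity.example>"]:
        print(f"{classify_sender(hdr):9s} {hdr}")
```

A "lookalike" verdict is a prompt to verify the sender by phone or a known-good address, not proof of fraud; a genuine colleague on the real domain can also land one edit away.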

#8 – Facebook Community Standards

Facebook remains one of the largest social media platforms globally. Businesses love to use it because older users rely on the platform to stay connected with family members, and its advertising system lets businesses target specific demographics. 

The problem is that your NFP could receive an email message stating that a recent post has violated community standards. Everything will appear legitimate, including a copy of your post and any accompanying media. However, when you click on that link, it doesn’t take you to Facebook. You might download malware or authorise the hacker to control your FB account – costing you time, money, and reputation. 

#9 – The Official Notice

The final email scam your NFP needs to watch out for is the “Official Notice.” This is a generic term for any email that seems to come from someone or some company with regulatory or other authority over your nonprofit. 

Working with the NDIS means you’ll be exposed to unwanted solicitations. Hackers will do everything they can to appear authentic and official, but really, they just want access to your private files or accounts. 

The rule of thumb is always to use the contact information you know to be valid for official business. For example, if you receive an email from the NDIS, don’t respond to that email. Use the contact you know is authentic and provide a copy of the email message you received for confirmation. 

Final Thoughts

Email scams are horrible. They open your NFP to all kinds of risk and end up costing you a lot of money to repair. You’ll need to educate your team on the common email scams you want to defend against. 

Another good tactic is to keep your website completely up to date and to use security extensions. That will eliminate much of the spam and many of the concerns you would otherwise have about email schemes. 

At Web 105, we can help build you a modern, mobile-responsive, and security-oriented platform that highlights the many benefits of your organisation. Give us a call today, and let’s create a safe and engaging online presence for your NFP. 

FAQs

What are the five types of business email compromise scams?

There are too many to list, but you’ll likely come across account compromises, impersonation, fraud, data theft, and fake invoicing the most. 

Which is an example of a red flag in a phishing email?

A good “heads-up” is a generic greeting. Something that says “Dear Member” or “Nice to Meet You” is not personalised and is not using the language your NFP is used to receiving. 

How do you confirm that an email is legitimate?

Look closely at the sender’s address and any signs of phishing (suspicious attachments, links to addresses you don’t know, a sense of urgency that doesn’t make sense, etc.). If nothing else, stick to the email addresses you know are valid in your contact list and not a random message you’ve never seen before.