Published by Dora Davis
Modified over 6 years ago
© 2005 Convio, Inc. NTEN Webinar: Protecting your organization and donors from online scams February 23, 2006

Online Fraud Techniques
■ Some current types of online fraud:
  ▶ 1. e-Commerce vendors can be defrauded of merchandise, e.g. by people using stolen credit cards; this doesn't affect online donations, because there is no merchandise to be fenced / resold
  ▶ 2. Phishers trick people into giving them financial information
  ▶ 3. 419'ers use the internet to pitch victims
  ▶ 4. Carders use online donation websites to test stolen card numbers
  ▶ 5. Hackers break into computers to steal data
■ Many of these are of interest to nonprofits

Fraud is not a new, internet-related problem
■ A donation phishing scam is no different than:
  ▶ someone standing in the mall shaking a collection tin with your organization's name on the side
  ▶ a fake fundraiser soliciting “donations” door to door or on the telephone
■ Because the internet is a newer medium, the public is less “street-wise” about how to spot scammers
■ Technology will never prevent fraud; education is the key solution

What is a phishing scam?
■ Phishing is a technique used by online fraudsters to collect people's personal information to be used in subsequent fraud activities
■ Phishers try to obtain:
  ▶ credit card numbers
  ▶ names and addresses
  ▶ social security numbers
  ▶ passwords for online banking, PayPal, etc.
■ “Phished” data is now a commodity in online fraud circles – stolen credit card numbers sell for about $1 each in hacker forums

How does phishing work?
■ The phisher sends out spam emails which mimic those from a well known financial institution
■ A typical come-on line: “Come to our website to re-verify your login”
■ Links in the email take the unwary to a website run by the phisher, which collects their data
■ The non-profit connection: After major disasters, phishers target potential donors to well known relief agencies like the Red Cross

Phishing example
■ Forged “From” address
■ Link text is a PayPal URL, but clicking takes you to the phisher's site
■ The usual pitch: “Your account information needs to be updated...”

How can I help protect my donors from online fraud scams?
■ Educate donors to take a few simple precautions
  ▶ Be suspicious of unsolicited or unexpected email
  ▶ Don’t click on untrusted email links – instead, go directly to the organization’s Web site, or use a reputable search engine
  ▶ Always review credit card statements for unauthorized charges
■ Arm donors with the information they need
  ▶ Provide guidelines for locating your official Web site
  ▶ Actively promote your URL
  ▶ Tell donors who your service providers are for email and donation processing

Common misconceptions
■ “Make sure the URL matches the organization”
  ▶ In an HTML email, the text of a link can be anything, including a different URL from the link target
  ▶ Many non-profits use a service provider, and their donation forms use the provider's secure URL
  ▶ Conversely, it's easy for a scammer to use a fake URL that's very hard to spot: remember paypaI.com (did you notice... “pay pie” with a capital “I”?)
■ “Nonprofits don't solicit donations by email”
  ▶ They certainly do, but only from opted-in list members... they don't spam

How can I help protect my donors from online fraud scams? (2)
■ Encourage donors to verify the legitimacy of an organization before donating funds
  ▶ GuideStar: www.guidestar.org
  ▶ CharityNavigator: www.charitynavigator.org
■ Publish Sender Policy Framework (SPF) information for your email “From” address
  ▶ Consult with your email marketing provider
■ If you discover a fraud site
  ▶ Contact the host ISP and request that it be blocked
  ▶ File a report with the FBI at http://www.ic3.gov/

Carding: How it works
■ Carders use online donation sites to test stolen credit cards, to make sure they are still valid, before using them for fraud
  ▶ Carders make a small donation, and see if they get a thank-you page or a rejection
  ▶ Often done in large volumes with automated software
  ▶ Some fraudsters just make up card numbers using generator software, and use carding to find out which ones are real

Carding: What should nonprofits do?
■ Carding does not defraud the nonprofit, but it is a nuisance to clean up after a carding run
■ What to do:
  ▶ Consult your service providers
  ▶ Anti-fraud technology can help to detect and block carding runs in progress
  ▶ If you get carded, you (or your provider) must refund the fake donations – keeping the money would be fraud, and will result in chargebacks
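
The signals named on the two carding slides (small amounts, many attempts, automated volume) are enough for a simple detector. The following is an added example, not part of the original presentation and not any vendor's product: it flags a source that tries many different cards with small donations inside a short window, then lists the approved charges that have to be refunded. The log format, thresholds and the `card_fingerprint` field (a processor-issued token, never the card number itself) are assumptions.

```python
from collections import defaultdict, deque

def find_carding_runs(attempts, window_s=600, min_attempts=5,
                      max_amount=5.00, min_distinct_cards=4):
    """Flag sources whose small donations use many different cards in a short window.

    attempts: list of (epoch_seconds, source, card_fingerprint, amount, approved),
    sorted by time. Returns {source: (attempts, distinct_cards, declines)} as seen
    at the moment each source first crossed both thresholds.
    """
    recent = defaultdict(deque)
    flagged = {}
    for ts, source, card, amount, approved in attempts:
        if amount > max_amount:
            continue                       # card testers keep the amounts small
        q = recent[source]
        q.append((ts, card, approved))
        while q and ts - q[0][0] > window_s:
            q.popleft()                    # drop attempts older than the window
        cards = {c for _, c, _ in q}
        if (source not in flagged and len(q) >= min_attempts
                and len(cards) >= min_distinct_cards):
            declines = sum(1 for _, _, ok in q if not ok)
            flagged[source] = (len(q), len(cards), declines)
    return flagged

def refunds_due(attempts, flagged):
    """Approved charges from flagged sources: these are refunded, not kept."""
    return [(ts, card, amount) for ts, src, card, amount, ok in attempts
            if ok and src in flagged]

SAMPLE = [  # constructed donation log, for illustration only
    (1000, "198.51.100.9", "card-a", 1.00, False),
    (1030, "198.51.100.9", "card-b", 1.00, False),
    (1050, "203.0.113.20", "card-z", 50.00, True),
    (1060, "198.51.100.9", "card-c", 1.00, True),
    (1090, "198.51.100.9", "card-d", 1.00, False),
    (1120, "198.51.100.9", "card-e", 1.00, True),
    (5000, "203.0.113.20", "card-z", 5.00, True),
]
```

A repeat donor using one card never reaches the distinct-card threshold, so ordinary small gifts from the same household are not flagged.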

Defending against hackers: what should my organization be doing?
■ Make security of donor information a priority:
  ▶ Don't be tempted to build an amateur donation form; use a professional solution:
    - No excuses... Network for Good is free
  ▶ Never collect and store credit card numbers or SSNs, and especially not on your website – a hacker can't break into data you don't have
  ▶ Never email donor information
  ▶ Make sure your donor database is very secure
  ▶ If you are using SSNs as member IDs... stop!
  ▶ Sloppy security is becoming less tolerated
    - example: California SB 1386 “Hacking Disclosure” Law