How to protect your organization, your people , and yourself from this common scam.
As the holiday season approaches, we want to remind everyone, from our non-profit clients, our volunteers, and our interns to remain vigilant against phishing scams. Cybercriminals often target organizations, especially non-profits, during this time of year, aiming to take advantage of the higher volume of emails, donations, and online activity. Phishing scams are one of the most common threats nonprofits and individuals face, especially during the holiday season. By understanding the tactics scammers use and taking proactive steps, organizations can protect their donors, staff, and mission.
Simple steps you can take to protect yourself from phishing scam.
- Be cautious with unfamiliar emails: If you receive an unexpected email—particularly those requesting sensitive information, urgent actions, or financial transactions—take the time to double-check both the sender’s address and the content of the message before responding.
- Do not click suspicious links or download attachments: Always hover your mouse pointer over links to verify the actual URL before clicking. If the link appears suspicious or unfamiliar, do not interact with it.
- Verify requests for payments: Scammers frequently impersonate legitimate organizations or staff members. Always confirm any financial requests by contacting the individual or organization directly, using a trusted phone number or email address—not the contact information provided in the questionable message.
How Nonprofits Can Protect Themselves
- Spread awareness – remind staff, clients, volunteers, and donors that scammers target holiday generosity.
- Secure donor communications – Use official channels (your verified website or trusted platforms) for fundraising appeals. Remind donors that you will never request sensitive information through unsolicited emails or texts.
- Encourage verification – Encourage supporters to check your nonprofit’s legitimacy through trusted sources like CharityNavigator or GuideStar before making contributions.
- Practice cyber hygiene – strong passwords, multi‑factor authentication, and cautious clicking go a long way. What is Cyber Hygiene?
The Cost of Holiday Scams
According to the FBI’s Internet Crime Complaint Center, non-payment and non-delivery scams cost victims over $309 million in 2023, while credit card fraud added another $173 million in losses FBI.gov. These numbers highlight how devastating phishing can be, not just financially, but also in eroding trust between nonprofits and their donors.
Key Takeaway
Phishing scams thrive on holiday cheer, urgency, deception, and trust. Nonprofits can safeguard their communities by raising awareness, verifying communications, and promoting secure donation practices. By staying vigilant, organizations protect not only their financial resources but also the integrity of their mission.
Sources for more information about holiday scams