Nonprofit organizations can be particularly vulnerable to fraud. Employees who are passionate about their cause can be potentially disarmed by people who share their interests. Additionally, it can be difficult for organizations that rely heavily on volunteers to provide consistent training against the warning signs of fraud.
Nonprofits should be wary of the dangers posed by quishing or phishing, as they can significantly jeopardize both your business and personal reputation. In the context of phishing, which aligns with the Oxford definition, this involves the deceitful tactic of dispatching emails or other communications that feign authenticity from reputable entities. The goal is to manipulate recipients into divulging sensitive details like passwords and credit card numbers. These phishing schemes can manifest in various guises, ranging from a trustworthy friend beseeching funds to a seemingly legitimate delivery service soliciting confirmation, or even an ostensibly official bank communication soliciting confidential banking particulars.
Quishing uses similar techniques but starts with a QR code instead of an email to direct the user to a website or app where the criminals will try to collect sensitive information. The QR code can come in an email, a text, or even be posted in public spaces. Before following a QR code to a site, always look at the link it is directing you to, and exercise caution if it’s not a site known to you. One particularly concerning example seen recently was an email purported from Microsoft claiming to require users to update their Authenticator app, with a QR code that took victims to a malicious site; by viewing the QR code with a camera but not clicking the link, a user could see that the site was not related to Microsoft or an legitimate app store.
To safeguard your organization against these treacherous endeavors, keep an eye out for the following warning signs:
- Exercise caution by refraining from clicking on any dubious email links or QR codes
- Practice vigilance by abstaining from clicking on any suspicious attachments.
- Validate the credibility of the sender or institution before engaging with an email.
- Scrutinize the communication for any instances of grammatical errors, which can be a warning sign of phishing
- Stay alert to emails that employ an urgent or coercive tone, such as phrases like “Urgent” or “Act Now.”
These pointers can serve as effective tools for nonprofit organizations and individuals to use against a potential phishing or quishing endeavor. Additionally, consider the implementation of a DNS-based malware filtering system and employing anti-virus software to provide supplementary layers of protection.