While a strong desire to help drives many to donate to worthy causes, especially during times of crisis, this generosity can be exploited by cybercriminals. Before donating to an unfamiliar charity or responding to an unsolicited email about relief efforts, consider these important reminders:
Charity scams
Generous donors want to help by supporting charities that help raise funds for assistance. We certainly encourage generosity to help anyone in need but caution donors to avoid questionable appeals, as recommended by the BBB Wise Giving Alliance:
- Can the charity get to the impacted area?
- Is the charity experienced in providing emergency relief?
- Are you considering crowdfunding appeals?
- Some crowdfunding sites do little to verify that the money goes where the organizer says it will so exercise caution before giving.
- Does the appeal make exaggerated financial claims such as, “100% will be spent on relief”?
Genuine charities are engaging in relief efforts to help and support people in need. Some certified relief effort organizations include, but are not limited to:
Phishing Messages
Sadly, cybercriminals take advantage of this outpouring of concern as a thematic lure for their malicious activities. They know that when people are emotional about a certain situation, they can be less likely to act prudently when presented with emails, SMS text messages, or advertisements involving relief efforts that would otherwise seem suspicious.
Criminals have developed enticing relief-related content to trick victims into clicking on malicious links and attachments. Lures are commonly found in phishing email campaigns attempting to distribute information-stealing malware or ransomware on personal computers and mobile devices.
What to watch for
Beware of fraudulent emails, texts or calls asking you for money to help support relief efforts. Many cybercriminals will attempt to mimic certified relief effort organizations to gain access to your personal and financial information. Legitimate charities will not reach out to you directly to ask you to donate.
Do not let your guard down
Beware of requests for personal information
- If you receive a message from what appears to be a valid charity or relief organization, that requests for you to provide personal information or banking information of any kind, do not reply to the email. Report the email immediately to security@ubc.ca.
Avoid opening emails when your attention is divided
- If you are in a meeting and simultaneously trying to keep up with emails, you could accidentally open a message or click on a malicious link that you otherwise would have avoided. Wait until your meeting is over when you can review the email with your full attention and respond accordingly.
Do not click or tap on any links in emails while on your phone
- Many faculty and staff choose to have their FASmail messages available to read on their phone. While this is a convenient option, some messages are not fully displayed on mobile devices, meaning clues that would normally alert you to the suspicious nature of a message may be hidden.
Take immediate action if you accidentally fall for a phishing email
If you respond to a phishing email with your password, change it immediately and notify the UBC Cybersecurity team at security@ubc.ca so they can work with you to protect your account.
Go Further...
- Complete the full Fundamentals training to learn how to protect yourself and others
- Learn more about dealing with phishing emails at UBC
- Tips for Faculty & Staff when working on or off campus
- Tips for Students when studying on and off campus