Charity Scams and Cybersecurity Threats amid Russian Invasion of Ukraine
Governor Kathy Hochul today advised New Yorkers about charity scams and increased cybersecurity threats related to Vladimir Putin’s invasion of Ukraine. The New York State Division of Consumer Protection has learned of fraudulent requests for charitable relief money to support victims of the war. Consumers are encouraged to carefully evaluate any request for money and verify charities prior to donating money or supplies. Governor Hochul also encourages New Yorkers to remain on guard when releasing sensitive information online amid an uptick in cybersecurity threats through the utilization of security recommendations from the Department of Taxation and Finance. This follows the Governor’s formation of the Joint Security Operations Center, which serves as the center for joint local, state and federal cyber efforts.
“New York is home to the largest Ukrainian population in the United States, and New Yorkers always lend a helping hand to take care of those in need,” Governor Hochul said. “However, we must remain cautious of those who try to commit fraud, taking advantage of others’ kindness. In your generosity to help our Ukrainian friends and family, remember if something seems suspicious, it likely is. Encourage your friends and family, especially elderly loved ones, to stay vigilant online.”
Any time disasters occur, scam artists prey on the heartstrings of individuals looking to help. The invasion of Ukraine provides an opportunity for fraudsters to set up fake charities or pose as compelling war victims. Others design websites to mimic a legitimate charity’s official site to steal unsuspecting donors’ money and/or personal information.
Scammers often make contact via social media, unsolicited emails, phone calls, or text messages. They may ask to send money through a payment app like Cash App, Venmo or Zelle, wire the money to an offshore bank account, or send prepaid gift cards. Many recent scams include requests for donations in cryptocurrency, such as Bitcoin or Ethereum. Scam artists are creative and will continue to think of new ways to defraud people, so consumers must always be vigilant.
To prevent donation money from falling into the wrong hands, the New York State Division of Consumer Protection recommends taking the following precautions:
- Verify the request. Scammers are more frequently posing as friends, family or romantic interests on social media and requesting donations; it is easy to copy someone else’s photo and biographical information and create a fake account online. If you receive an unsolicited request for donation relief online, even if it appears to be someone you know, connect with the person directly through a different communication link to verify the request. Do not click on any links or complete forms before verifying the source. If the request is coming from someone you only recently met online, it is most likely a scam and you should be especially wary.
- Research the charity. Don’t rely on a charity website alone. Search online before donating to any charity using the name of the group plus search terms like “review” and “scam”. The Federal Trade Commission recommends checking with give.org, charitynavigator.org,charitywatch.org, or candid.org to see reports and ratings for charities. You can also check with the Internal Revenue Service (IRS) for verification that a charity is registered. The Office of the Attorney General also recommends reviewing the Charities Registry for financial reports prior to donating to ensure the charity is fiscally sound.
- Resist high-pressure tactics. While the situation is urgent, consumers should resist being pressured to donate immediately. Scammers often pressure you to donate immediately, causing you to overlook red flags in their story. Beware of direct e-mails from “victims” and solicitors who employ heart-wrenching stories, insisting that you donate immediately. Do not to give money over the phone to unsolicited telemarketers; instead, ask the caller to send written materials about the charity and where to donate, if you choose.
- Keep personal information private. Never give your Social Security number, credit card or debit card number, or other personal identifying information in response to an unsolicited charitable request. If donating online, ensure that your internet connection is secure before following through on donation requests.
- Ask how your money will be spent. Consumers want to know that their money is going directly to the victims. A genuine charity should be able to let you know how much of your donation will go directly to the program as opposed to administrative fees.
- Donate by check or credit card. Never give money using cash, gift cards, crypto currency, or any tender that would be difficult to trace. Give your contribution by check or credit card to ensure that you have a record of the donation. Make checks out to the charity, not to an individual. If you choose to donate via a charity’s website, check that the website is secure and that your computer is equipped with the latest anti-virus protection.
If you suspect that you have encountered a fraudulent attempt to receive donations, you can file a complaint with the New York State Division of Consumer Protection at https://dos.ny.gov/file-consumer-complaint.
The Division’s Consumer Assistance Hotline is open Monday to Friday, excluding State holidays, 8:30am to 4:30pm at 1-800-697-1220. You can find more information and tips by following the Division of Consumer Protection on social media on Twitter (@NYSConsumer) and Facebook (www.facebook.com/nysconsumer).
Amid heightened international concern about cybersecurity, the New York State Department of Taxation and Finance also shares a series of critical tips to help taxpayers safeguard their private information during tax season and throughout the year:
Be wary of unsolicited emails and telephone calls asking for personal information. Never share personal information, such as your Social Security number, in response to an unsolicited email or telephone call. If the email or call claims to be from a company with which you do business, call it directly to confirm the contact is legitimate. Scammers often use scare tactics and threats related to tax debt to get you to share your personal and financial information.
Secure your mobile devices. Apply software updates that patch known vulnerabilities as soon as they become available. Use security features built into your device, such as a passcode, and use programs that encrypt data and remotely eliminate contents if the device is lost or stolen.
Be careful with Wi-Fi hotspots. Public wireless hotspots are not secure, which means that it’s easy for cyber thieves to see what you are doing on your mobile device while you are connected. Limit what you do on public Wi-Fi and avoid logging into sensitive accounts.
Know your apps. Thoroughly review the details and specifications of an app before you download it. Review and understand the privacy policy of each mobile app. Be aware that the app may request access to your location and personal information.
Be cautious about the information you share on social media. Avoid posting your birthdate, telephone number, home address, or images that identify your job or hobbies. One reason: this type of information can be used to determine answers to security questions used to reset passwords, and makes you a target of fraudsters who seek to access your accounts and personal information.
Use strong passwords. Create different passwords for all your accounts. When it comes to passwords, try to use one with at least 14 characters, the current industry standard. Use a combination of letters (uppercase and lowercase), numbers, and symbols. Consider passphrases in which you use the first letters of a memorable phrase to create a complex password that is difficult to guess. Regularly change your passwords/passphrases.
Vary your security questions. Don’t use the same security questions on multiple accounts. Select security questions for which the answers cannot be guessed or found by searching social media or the internet.
Use two-step verification to access accounts. To enhance the security of online accounts, whenever possible require a password and an extra security code to verify your identity when you sign in.
Beware of phishing. Don’t click on links, download files, or open attachments in emails from unknown senders. Open attachments only when you are expecting them and know what they contain, even if you know the sender.
It’s important to regularly review the steps necessary to secure your sensitive information.
Report it. If you’re a victim or believe you may be a victim of tax-related identity theft, alert us immediately. We will track your information to help keep it private and protected. Visit the Tax Department’s Report fraud, scams, and identity theft webpage.
The Tax Department uses advanced encryption, firewalls, intrusion-detection systems, and other security measures to safeguard our systems and sensitive data, but taxpayers must also take a proactive approach to protecting themselves online.