How do you think this would go over with your prized donors?
They get an email from your non-profit organization saying you plan to process a $2,000 credit card payment in two hours. The email invites them to review and verify this payment by clicking on a link.
The email address is from someone they recognize as affiliated with your organization. The address appears to be legitimate, so donors think you’re making a $2,000 mistake with them.
This happened last month to the donor base for Special Olympics New York. The organization said a hacker gained access to a “communications system” and stole donors’ contact info.
The organization didn’t say how the hacker gained access to the “communications system.”
Still, discovering a crook gained a pathway to their donors to try to steal credit card information probably gave Special Olympics New York officials some indigestion, to say the least.
While the hacker used a rather abrupt writing style to “acknowledge” the contribution, we guarantee other hackers with better English grammar skills will try the same thing again.
Don’t leave your donors’ contact information sitting unprotected on a server with weak or no security. While you can claim, as Special Olympics New York did, that the emails were fraudulent and no financial information was stolen, who wants donors linking you with poor protection of their information?
Also make sure your staff follows strong cybersecurity measures – starting with strong, unique passwords to log in to your system and an authentication system to confirm their identity.
If you want to avoid this nightmare but aren’t sure what steps to take, explore your options by having a chat with us. A conversation is free and can give you some basics for getting started.