Nonprofits face risk of cyber scams this holiday season

Coalition Blog: Nonprofits face risk of cyber scams this holiday season

2022 is drawing to a close. The season of giving reminds us to take care of one another and support charitable causes through donations. 

However, every donation is a transaction, and every transaction is an opportunity for a threat actor to commit a cyber crime. Unfortunately, this happened to one of our nonprofit policyholders that serves vulnerable populations.

Learn what transpired and the four steps you can share with your clients to avoid the same fate this holiday season.

Stealing donations from a copycat domain

One day, our policyholder received a call from a donor asking if they were still accepting donation checks. Immediately, she sensed something was wrong and, after viewing their website, discovered a spoofed landing page attempting to redirect donation payments to a fraudulent Square account. 

She frantically called Coalition's Claims number in tears to report what was happening. Coalition Incident Response (CIR) and Claims teams sprang into action immediately. In their investigation, CIR discovered several factors that contributed to the incident:

  • All volunteers for the nonprofit were using the same Office365 email account.

  • Multi-factor authentication (MFA) was not enabled. 

  • The same credentials for the email account were used for their Salesforce platform, which tracked donations. 

After compromising the nonprofit's credentials, the threat actor was also able to pivot to a shared file account and discover an Excel document of the nonprofit's donors. This is how the threat actor hijacked the shared email account and redirected donors to the fake landing page for donations. 

How Coalition stopped the bleeding

These claims are fairly common and included in our cyber coverage. Security failures led to a data breach, which resulted in a business email compromise (BEC). Coalition's breach response coverage includes legal fees for a breach coach who handles breach notifications. The cost of forensics was also covered under breach response, and in this particular case, they were able to use our in-house CIR team.

Luckily, no donations were lost to the spoofed website, so we didn’t need to help our policyholder work with their donors and their banks to recover the money. However, if our policyholder had been duped into wiring funds to the fake website, funds transfer fraud (FTF) coverage would have protected our insured. 

Help your nonprofit clients during the donation season

We're here to help our policyholders if a cyber incident arises, but you can help prevent a similar fate this holiday season. Here are four tips this nonprofit could have followed for better cybersecurity:

  1. Never share login credentials. Each share increases your attack surface.

  2. Never use the same credentials for multiple logins. Reusing credentials only puts other accounts at risk.

  3. Use MFA for an additional layer of protection on all online accounts. MFA requires a user to verify their login through a secondary device to gain access to an account.

  4. Use a password manager. Password managers allow users to store and generate secure, unique passwords.

The season for staying vigilant

The holiday season is ripe with opportunities for threat actors to dupe individuals into making cybersecurity errors. We're here to help our policyholders if it happens, but brokers can be great advisors to their clients this time of year by reminding them to exercise extra caution.

For more tips to share with your clients and how to avoid holiday scams, head over to our holiday scams blog.