Skip to main content

It’s International Charity Fraud Awareness Week, a global effort to help charities and donors avoid charity fraud. The FTC has united with state charities regulators, the National Association of State Charities Officials, and international partners in the campaign. By joining forces, we can reach more charities with information and advice. This year, the focus is on what charities can do to help defend against cyber threats. We hope businesses will carry the message to their communities and share free cybersecurity resources from the FTC.

Why are we asking you to help spread the word? Two reasons. First, business leaders play a key role in the non-profit sector – volunteering their time, serving on the boards of charities, and sharing their professional expertise with community organizations. Second, you know from experience about the dangers that hackers and scammers pose to insecure networks. So when business executives speak on this subject, charities listen.

Cyber criminals pose a particular risk to charities. Local non-profits may not have IT professionals on guard against unauthorized access. That’s why hackers sometimes target non-profit groups, exploiting any opportunity to break into networks, steal data, and even divert funds away from those in need. How do they do it? Scammers may try to trick staff members into giving them access to the organization’s network or they may lure employees or volunteers into downloading malware that can corrupt the charity’s computers. From the charity’s perspective, any amount of money lost to a scam is too much. And a hack that causes systems to shut down for even a few hours can have a disastrous impact on fundraising efforts, not to mention that donors may lose faith in a group if their information is compromised after they donate.

The FTC’s Cybersecurity for Small Businesses site features resources – fact sheets, quizzes, videos, etc. – suited for the non-profit sector. Resources on ransomware, phishing, business email imposters, web host hiring, and more can help charities protect the data they collect, including donors’ personal and financial information. You’ll also find to-the-point tips on training employees and volunteers to protect organizations’ files and devices, rebuff phishing attempts, and keep networks protected.

Not sure where to start? The next time you have a board meeting or donate time to a favorite charity, suggest that they start with the basics:

  • Set up software to update automatically.
  • Secure files by making a back-up offline.
  • Require passwords for all devices.
  • Use multi-factor authentication like a PIN or key.
  • Encrypt devices.

These are just some of the tips you can find at All the information is also available in Spanish at


It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.

The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.

  • We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
  • We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
  • We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
  • We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to

We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.

More from the Business Blog

Get Business Blog updates