Ops Insights #076 - Scams: Stop - Question - Verify
October 30, 2025 | Read Time: 3 minutes | Written by Jenny Kleintop
Remember the days when we spent time getting donors comfortable giving online? Now, they are, but now the scams happening are getting more sophisticated and smarter. Many times, it’s hard to decipher reality from fake. With the rise of AI tools, it’s harder because the content being generated is getting better. However, it’s important to pay attention. Why? Because every dollar you raise is vital to the mission you serve, and you don’t want scammers taking it away.
It’s important to be aware of the massive scams threatening our online banking and giving platforms.
Are you paying attention?
I posted on LinkedIn about five things that recently happened in 6 days at a nonprofit where I’m serving.
What can you do about it? Increase awareness and education in your office. Ask your privacy office, your IT, or a team member to take the lead on this. It’s important, as you do not want operations to suddenly come to a halt because a scammer got into your bank account, redirected donors to their online pages over yours, or convinced one of your team members to click on a link that takes control of all your online files.
It’s not only important to prevent these attacks to keep dollars in the door, but it’s vital to protect the donor data you have, as you have a legal obligation to protect the data you have. It’s part of the donor bill of rights.
One way to educate your team is to use the Stop-Question-Verify (SQV) method.
Stop when your gut tells you something is off. For example, if your bank is verifying activity and asks for your birthday, it’s not legit. Stop and don’t continue. If a support rep asks you to disconnect from a VPN and connect to theirs, stop and don’t continue. Listen to that voice inside that tells you that something is off. Listen to that gut feeling that says this is not right. Then stop!
Question to double-check to see if the email, person, or site is legit. For example, in emails, look at the sender's name and email address. Is it odd, a random URL, or a made-up name? Then it’s not real and should be marked junk and blocked. Is there a link that says you must fill out something to get paid, but the signer just lists human resources or payroll instead of your actual payroll or HR rep? Then it’s not real and should be marked junk and blocked.
Verify with a trusted person before proceeding. For example, if you are being asked to wire money because your CEO said so, pick up the phone and verify it with the CEO before proceeding. Even if you have an email exchange between the CEO and the requester, as AI advances, fake emails look too real. Do not click any suspicious links, as that can allow scammers access to your computer. If in doubt, forward the email to your IT and ask if they think it’s spam before proceeding.
If you are unsure, stop, question, and verify before proceeding. It’s much better and safer to do this than to allow a scammer access to your online systems, bank account, or donor data.
Take Action
Take the following 3 steps to protect your nonprofit from scammers.
1 ➡ Assign someone in your office to take the lead on increasing awareness and education.
2 ➡ Run webinars and training sessions to educate all your people, as well as provide written resources that are kept up to date with the latest threats.
3 ➡ Create an environment so anyone feels safe to Stop - Question - Verify (SQV).
You’ve got this! Be safe.
👋 See you next time,
Jenny
Whenever you're ready, there are two other ways to get help:
Insights: Receive these Insights directly in your inbox to learn, grow, and accelerate your expertise of philanthropy data, database, and operations. Plus, bonus insights are often in the email version. Add your email here.
Hands-On Support: Get personalized assistance when you need it the most through fractional support. View here.
