Last week the Association of Professional Genealogists announced it had been targeted by scam artists. The villains were able to impersonate the secretary's email and offered to pay APG members an hourly fee to lobby state legislatures regarding forensic genealogy. In a further attempt, members received requests to "Support Diane's Brain Cancer Battle." APG quickly quashed the scam by alerting members and asking them to report any such attempt at fundraising and asking that those affected to notify the organization.
I have some professional knowledge of cyber security and I have been the target of email cloning and twice had my credit card accounts hacked. I, therefore, would like to offer a few cautions of my own.
1. Source. Be cautious of any solicitation via email or social media, especially Facebook. We have all heard about fake news on social media, yet it is hard not to click on that story about the baby with cancer. Look carefully - is it a story supposedly about someone in a small Missouri town but the link takes you to a website that is not linked to any local, regional or state news source? Don't be taken in just because it is a sad story or even a happy one!
2. Context. Does the email read like a normal / regular communication you receive from an organization? Often databases are hacked by groups in foreign countries then they are sold to individual criminals or organizations. If you closely read the fake email there will be grammatical mistakes or colloquialisms that don't fit. For example, did a New England genealogical society end their request with "see y'all in the spring!" when you know their annual conference is in the fall and no self-respecting Bostonian would say y'all like we do in the south? Sometimes it isn't that simple, but if you look you will often see things that just do not fit the norm.
3. Legitimacy. If any legitimate organization is soliciting funding, take a minute to think about the source and what they are asking. Would an organization such as APG solicit funding through their work emails for an individual? The answer is never. Most companies and non-profit organizations have rules about using their official communication sources for private funding.
4. Check it out. At the national level any non-profit must register and are held accountable by federal law. You can check out charity ratings at Charity Watch. For an organization such as a genealogical society, go to their website for information about events and solicitations. If an organization is undertaking a fundraising campaign, you bet it will be front and center on their website. Also, you can contact them via phone or mail, but use only phone numbers that you find officially linked to the organization not one provided in the suspect email.
5. Be familiar with the typical scam. You can check this US government website that lists common fraud types: https://www.usa.gov/stop-scams-frauds#item-35157.
According to an IBM report, the global cost of cybercrime will reach $2 trillion by 2019, a threefold increase from the 2015 estimate of $500 billion. Small, regional and even local organizations are not immune. The IBM report explains, "a staggering 50 percent of small and mid-sized organizations reported suffering at least one cyberattack in the last 12 months."
Your best bet is to be aware, be vigilant of your own finances and social media presence and most importantly when and if you are ready to give to a worthy cause, take the time to do the research and get your hard-earned dollars in needy hands, not those of criminal organizations.
Kathleen W. Hinckley, CG