4 Types of Nonprofit Scams and How to Protect Your Organization From Theft

Around 1.8 million nonprofit organizations in the United States play a vital role in society, helping those in need and offering support for issues like mental and physical healthcare, arts and culture, animal welfare, and so much more. Nonprofits are diverse in type and size, ranging from small groups with all-volunteer staff to multibillion-dollar organizations with teams of highly trained professionals.

No matter the type or size of the nonprofit organization, the risk of falling victim to theft through a scam, crime or fraud is a major concern. Not only will there be financial damages, but the reputational harm done to a nonprofit can be devastating.

Common Types of Nonprofit Scams

Between January 2020 and September 2021, nonprofit organizations were the victims in 9% of the reported fraud cases and suffered a median loss of $60,000, according to the Association of Certified Fraud Examiners’ “Occupational Fraud 2022: Report to the Nations.” The report also revealed that nonprofits have far fewer fraud controls in place on average than other organizations.

Nonprofit organizations, especially when working to provide assistance to the communities they serve, tend to be more prone to scams and theft. Nonprofits can be vulnerable because they are smaller and may not have accounting controls in place like other businesses have.

What are some of the most common types of scams and theft nonprofits experience? Here are four types of fraud risks all nonprofits should be aware of.

1. Employee Theft and Misappropriation of Funds

Although we like to believe those working in the nonprofit sector are all honest and have good hearts, employee theft — though uncommon — is still a concern. Employees may skim money from donations or use the organization's credit card to fund their own purchases while shopping for the nonprofit at the same time. Alternatively, an employee could submit a fake expense report or overstate their expenses. It's often not until an audit of financials is completed that the theft and misappropriation of funds are discovered. Or, an employee may tip off the board that a coworker may be engaging in some shady actions.

Another type of employee theft is known as "ghost employees," in which a scammer sets up a falsified record for a person on the payroll who does not actually work for the nonprofit and then cashes the paychecks themselves.

2. Fundraising Scams

This type of theft usually occurs during times of crisis, such as the aftermath of a natural disaster or the war in Ukraine. Scammers use these emergency situations by preying on the community's generosity, impersonating a nonprofit and accepting donations in their name, ultimately keeping all the proceeds for themselves. Donations may be given via website, phone, email or even in person.

3. Cyber Crimes and Phishing Scams

Nonprofits handle sensitive information regarding their volunteers and donors, increasing their risk for cybersecurity attacks. Technology has made it easy for organizations to accept donations online, but having an unsecured website leaves an open avenue for a cyberattack. Additionally, many nonprofits use monthly newsletters and automated emails to keep in touch with potential donors and other interested parties. The organization could easily fall victim to a cybercriminal utilizing phishing emails, a type of social engineering scam, to obtain sensitive data from those in their email list.

4. Vendor Fraud

Vendor fraud is one of the most common types of billing schemes targeting nonprofits. Red flags regarding vendors include:

• Invoices from unfamiliar vendors or for poorly defined services
• Paying a fraudulent third-party vendor
• A sudden increase in purchases from a single vendor
• Employee addresses matching vendor addresses
• Vendors with company names consisting of initials or addresses that are only post office boxes
• Breaking large billing into multiple, smaller invoices to avoid drawing attention to a vendor

How to Stay Vigilant and Keep Your Nonprofit Protected from Theft and Scams

When a nonprofit organization is complacent, there is always a higher risk of fraud. Smaller nonprofits may not be aware of the controls — such as not having third-party auditing or properly billing inventory — needed to stay protected while larger nonprofit organizations often don't have enough staff to monitor transactions.  

Here are a few steps nonprofits can take to protect their organization from theft.

1. Implement Strong Internal Controls

All board members and management should avoid complacency at all costs and enforce strong internal controls above and beyond an annual audit. Measures can include regularly reviewing invoices and billing (including by the board of directors), recording cash receipts and depositing them daily, locking the office door when no one is monitoring the entrance, creating policies to reimburse employees for only approved expenses, and periodic reviews of vendors.

2. Set Up a Corporate Compliance Plan

Corporate compliance plans hold nonprofits accountable and usually include various policies, such as a whistleblower policy, code of conduct policy or conflicts of interest policy. This plan ensures the organization is operating with transparency and helps build its reputation among potential donors and other board members. The plan should be widely communicated to everyone involved in the nonprofit.

3. Get to Know Your Employees

No matter the size of the operation, the nonprofit should strive to get to know who its employees are and what motivates them. Employees may be responsible for handling large sums of cash, so it's vital they can be trusted. Additionally, teach employees how to detect potential scams and fraud, and encourage them to report any fraudulent behavior they may see.

4. Purchase Nonprofit Insurance Coverage

Nonprofits face unique risks that set them apart from other types of businesses. Nonprofit insurance coverage helps protect the organization's people and assets and ensures they can continue fulfilling their missions.