[rtpnet-tact] a cautionary story (not a tale) (fwd)

[Judy Hallman]

To TACT list:

Some good advice. Thanks Jayne.  -- Judy

---------- Forwarded message ----------
Date: Wed, 4 Jun 2003 14:41:27 +0200
From: Jayne Cravens <Jayne.Cravens at UNVOLUNTEERS.ORG>
Reply-To: The DIGITALDIVIDE discussion group <DIGITALDIVIDE at OWA.BENTON.ORG>
To: DIGITALDIVIDE at OWA.BENTON.ORG
Subject: [DIGITALDIVIDE] a cautionary story (not a tale)

Part of bridging the digital divide is bridging the knowledge divide: in
addition to giving people tools and training for access, I believe that we
should also should promote resources that help build people's capacity to
understand the basics of online safety and responsibility. Which is why I
keep asking telecenters if they have safety guidelines and training for
users....

With that in mind, I relate the following, which is a true story (no urban
legend here -- I know the story firsthand), and I hope that others will take
heed:

The small nonprofit organization is based in New York City, and does
terrific work on behalf of communities in a particular developing country.
The nonprofit staff members were thrilled when they received an email from a
person who said she represented a foundation that wanted to make a grant of
$15,000 to the nonprofit.

The representative used a name for her foundation that sounded similar to
another, very famous foundation. And the representative referred to a
specific volunteer program and partnership in which the nonprofit was
engaged. These two elements made the claim sound legitimate to the nonprofit
organization.

But there were many things that should have alarmed the nonprofit:

-- the sender used a free email account. Why would a representative of a
major foundation use a free email account to send such important emails?

-- there were more than a few misspellings and grammar errors in the
message.

-- there was no web site for the foundation.

-- a search on Google.com and Guidestar.org shows no listing for this
foundation.

-- the foundation provided no information on the city, state or country
where it was located.

-- the nonprofit had never had contact with this foundation before; what
foundation contacts a nonprofit out of the blue, with no previous
relationship, and says, "Here's $15,000 for you!"

-- the foundation asked for confidential information to be transferred via
email from the nonprofit, something no foundation would ever ask. This
included the bank account number for the nonprofit, and the executive
director's social security number.

-- when the nonprofit did not respond immediately with this information, the
"representative" became insistent, and talked about how the nonprofit was in
danger of not receiving the money because the nonprofit wasn't providing
this information immediately.

Sadly, the nonprofit did not read these rather obvious signs, and did
nothing to verify the legitimacy of this "foundation's" claim. The nonprofit
emailed all of the asked for information to the "representative" and, the
next day, found $450 withdrawn from its bank account, through PayPal.

This nonprofit has learned a lesson in a very hard way, and staff now have
to go through the arduous process of contacting the state's attorney
general's office, the local police, PayPal, and their banks where they hold
accounts, to report what happened, to assure the security of their accounts,
and to see if there is a way to recover their funds. Prosecution is
doubtful, as it will be very hard to trace the person or people behind this
scam, particularly if they are in a country outside the U.S.

When you receive notice via email that your organization has received an
award or grant, you need to do the following:

-- verify the existence of the foundation or funder. Does this foundation
have a web site? Where is this foundation physically located (street, city,
state and country)? If you type in the foundation's name on google.com, what
happens? If the organization is based in the U.S., are they listed on
www.guidestar.org ? If you do find the foundation's name listed on
Guidestar, contact them directly by phone about the email; the person who
has written you may not actually be with that foundation.

-- ask that the foundation send you, via snail mail, written verification of
this grant, on the organization's letterhead, along with an annual report,
press releases, a list of board members, a list of previous grant
recipients, and guidelines/requirements for receiving grants.

In addition:

-- Do not provide any foundation with anyone's social security number EVER.


-- Do not provide any information *at all* until you have verified the
existence and legitimacy of a foundation.

If you have *any* doubt about the legitimacy or credibility of a foundation
and you are in the U.S., contact your state's attorney general's office.

What would you all add to this list of cautions?


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jayne Cravens [jayne.cravens at unvolunteers.org]
Online Volunteering Specialist
United Nations Volunteers
www.unvolunteers.org
Bonn, Germany

UNITeS: www.unites.org
NetAid Online Volunteering:  www.netaid.org/OV
Global portal to volunteering: www.iyv2001.org
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-