Hurricane Harvey has hit Texas and Louisiana in ways we have never seen. According to the HHS Office for Civil Rights (OCR), scammers are fraudulently collecting sensitive information and stealing donations by creating and using fake social media platforms, such as Facebook, Twitter, charity websites, and phishing emails. The scammers are asking for donations to be made to the Hurricane Harvey Relief funds.
According to OCR, these fake websites will usually do one of two things:
- Ask for a credit card number to steal the donation; or
- Infect your electronic device with malicious software that can extract sensitive information (passwords, usernames, or account numbers) that is subsequently used to commit fraud.
In the past, scammers have used natural disasters to take advance of charitable individuals using fake websites, such as in 2012 when a charity calling itself the "Hurricane Sandy Relief Effort" raised $600k for storm victims that were used by thieves to pay off their own credit card debt.
Tips for preventing a social media scam
OCR offered the following tips if you'd like to help:
- If you want to make a donation, go to the charity's official website to make the donation. Type the address in your browser or use a bookmark to ensure you don't go to a fraudulent website by mistake.
- Be sure to verify the existence and legitimacy of non-profit organizations by using Internet-based resources.
- Most legitimate charities maintain websites ending in ".org" rather than ".com".
- Do not respond to any unsolicited incoming e-mails or text messages, by clicking links or downloading files contained within those messages, because those links or files may contain viruses or other malicious software (including ransomware) that could steal your personal information and/or harm your computer or other electronic devices.
- Be cautious of organizations with copycat names similar to but not exactly the same as those of reputable charities.
- Do not be pressured into making contributions; reputable charities do not use coercive tactics.
- Legitimate charities do not normally solicit donations via money transfer services.
To combat the threat of this type of scam:
- Hang up the phone if you are suspicious of the caller.
- Never allow remote access to your computer unless such access is known to be legitimate, and the requestor's authenticity can be verified (e.g., calling your IT Help Desk to verify the identity of IT support personnel requesting remote access to perform maintenance).
- Do not trust unsolicited phone calls, emails, or texts.
- Be suspicious of requests for personal information over telephone, email, or text.
- Do not download unknown software or purchase unsolicited online services.
- Verify the identity of the caller directly with CE or BA officials, or with the company, the caller claims to represent.
- Record the caller's information if you suspect a scam and report it in accordance with your organization's policies.
Avoid any charity or fundraiser that:
- Refuses to provide detailed information about its identity, mission, costs, and how the donation will be used.
- Won't provide proof that a contribution is tax-deductible.
- Thanks you for a pledge you don't remember making.
- Guarantees sweepstakes winnings in exchange for a contribution. By law, you never have to give a donation to be eligible to win a sweepstakes.
Healthcare Compliance Pros will be publishing an entire Social Media series. We invite you to follow along for the next few months as we explore the pros and cons of Social Media platforms, and to help you ensure safe Social Media Practices.
If you have any questions, please feel free to reach us by phone toll-free at 855-427-0427 or send us an email at firstname.lastname@example.org.