The holiday season is a time of generosity, goodwill, and charitable giving. Donations tend to peak at year’s end, boosted by campaigns such as GivingTuesday encouraging acts of thoughtful generosity. Unfortunately, it is also a prime period for fraudsters who look to exploit public compassion for personal gain. As a result, Charity Fraud Awareness Week usually happens in the UK around the same time as GivingTuesday, with the aim of sharing knowledge and promoting resilience against charity fraud.

In 2024, UK consumers lost over £1.2million to fake charity scams in one study alone, with these scams targeting individuals’ empathy and trust. Fraudsters exploit this goodwill through impersonation, fake fundraising campaigns, phishing, and increasingly sophisticated AI-generated content. From cloned websites to fraudulent social media fundraisers, these scams are growing more credible and harder to spot.  

Moreover, charities and non-profit organisations face direct fraud risks as well, with one study finding that UK charities lose £1.65bn annually due to fraud. Charities face many of the same fraud risks as companies but also face unique risks because of the often trust-based, volunteer nature of many organisations as well as often facing limited resources. Cybercriminals target charities as they do companies, with phishing emails or ransomware attacks. Moreover, charities face insider fraud risks, including the skimming of cash donations, the creation of fake contractors or false grant applications, or kickbacks or undisclosed relationships.

In this article, we explore how many of these scams operate, where they occur, warning signs, real-life examples, and practical steps to protect yourself.

Exploiting tragedy and global events

Fraudsters often use real-life tragedies to appeal to donors and make their scams appear more convincing. Conflicts like the war in Ukraine or humanitarian crises like in Gaza are commonly being exploited, particularly at this time of year with scammers creating emotionally charged fake campaigns. These scams can collect thousands or even millions of pounds before anyone realises, preying on people’s impulse to help immediately in times of crisis.  

For instance, the cyber intelligence firm Check Point has found that cybercriminals have sought to take advantage of the war in Ukraine to carry out fraudulent activities. In many cases, ads appear pretending to be victims of the war asking for money, often with fraudsters requesting donations to be made in cryptocurrency.

In another example from Check Point, seen below, fraudsters create a fake email campaign pretending to be representatives of the National Bank of Ukraine. This demonstrates a tactic often employed by fraudsters, who seek to link themselves falsely with a legitimate organisation to lend credibility to their scam.

‍

Sadly, donors to this cause will be contributing directly to the fraudsters, unknowingly handing over money that will never reach the peopleor communities they believe they are helping.

Impersonation of genuine charities

Another common tactic is to impersonate well-known charities, copying logos, branding, and websites, or creating lookalike social media accounts. For example, in one notable UK case in 2023, a convicted fraudster, David Levi, led a nationwide fraud gang posing as collectors for a variety of genuine charities including Children inNeed, Great Ormond Street Hospital Children’s Charity, and MIND.

Levi ran a “pool of collectors” that stole around £500,000 soliciting donations at supermarkets over a period of 6 years, while passing less than 10% to actual charities. Levi claimed the group was simply covering expenses for their fundraising work, but evidence suggests they only began to make donations to charities after police started investigating.

Levi previously pleaded guilty to money laundering, for which he served a five-year sentence, and in 2005 was charged with running an identity fraud gang which tricked eBay users into giving away their account details. For years, Levi had been enjoying a “cash-rich” lifestyle, including luxury holidays and expensive cars.

AI-generated content and phishing scams

It’s not just money being stolen. Fraudulent donation campaigns frequently steal personal or financial information through phishing links. Bogus donation websites, forms, or payment requests can capture card numbers, bank details, or login credentials, which scammers then exploit, putting victims at risk of identity theft. Once they obtain this information, they can open fraudulent credit card accounts in someone’s name, potentially withdraw funds from their bank account, make unauthorised purchases or even sell their personal data on the dark web.

One worrying trend is the ability of AI to give fraudsters new tools to operate fake charity scams at scale. While cloned and fake charity sites already existed, generative AI enables fraudsters to produce professional-looking websites, realistic videos, and polished social media posts quickly and at scale. This increases the perceived legitimacy of their campaigns and makes detection harder, even for careful donors.

An increasing trend is the use of phishing kits, created by cybercriminals, that can create hundreds of spoofed charity sites with very little overhead. These sites look legitimate but send submitted credit card and login data directly to criminals. In one case earlier this year, a UK student was jailed for selling over 1,000 different phishing kits linked to £100m worth of fraud; one of his kits was used to mimic a charity donation webpage that stole victims’ credit card details. The student even offered tutorials in how to use his kits.

AI-generated fake news articles also drive misinformation campaigns promoting fraudulent charity events or highlighting fabricated crises. These articles spread rapidly on social media platforms, deceiving users and driving them to contribute to fake causes. Similarly, deepfake technology enables fraudsters to impersonate celebrities and other trusted public figures running charity drives, asking victims to make a ‘donation’ to a fake cause. Once the money is sent, the fraudster disappears.

Particularly at this time of year, using AI technology in this way manipulates emotions to drive donations while running the risk of undermining trust in legitimate charities.

Social media and crowdfunding scams

As touched on already, social media has become a hotspot for fake charity scams. A 2024 study analysed over 150,000 social media accounts and more than 3 million donation-related posts across platforms including X, Instagram, Facebook, YouTube, and Telegram, identifying over 800 accounts linked to fraudulent fundraising.

Platforms hosting user-generated fundraisers, such as GoFundMe, are also frequently abused. Scammers create pages purporting a range of to support victims of disasters, war refugees, or urgent medical needs, pocketing donations themselves. The reach and speed of social media make these scams particularly dangerous.

Fraudsters running large scale charity scams create multiple accounts to proliferate their activities and gain the widest reach. When one account is detected as fake and shut down, they switch accounts or open new ones. This can be seen in the example below where we discovered that multiple accounts set up on the social platform, Bluesky, were connected to each other by the same donation link. Some of these accounts have made thousands of posts and have many followers.

Since discovering these accounts, they have subsequently been suspended by the platform. Interestingly, donations to the original GoGetFunding link have expired and it now directs users to a new appeal on a different crowdfunding platform - Chuffed.org. This highlights how fraudsters constantly evolve and adapt their methods to perpetuate their scams. When one avenue closes, they find another one.

Fake charity scams harm genuine people in need

Through all of this, it’s important to note that the dangers of fake charity scams extend far beyond financial loss - they can also affect the reputations of legitimate charities, affect victims’ morale and undermine the voices of genuinely vulnerable people who rely on crowdfunding as a lifeline. The public can become sceptical of the authenticity of appeals and decide not to donate. Similarly, when social media feeds are full of charity donation requests - some genuine, some fraudulent - users feel spammed and less inclined to contribute. Moreover, fraud targeting charities directly also damage the broader charitable ecosystem. When confusion or scepticism is created, the effectiveness of genuine fundraising efforts is eroded.

Red flags to spot fraudulent activity

Fortunately, there are common red flags to look out for when deciding if a charity or fundraising appeal is genuine or not:

• ‍Urgency and pressure - Scammers often insist on immediate donations, citing urgent crises or disasters. This high-pressure tactic discourages donors from taking the time to verify the charity’s legitimacy. While the nature of charities means often this appeal of urgency is legitimate, it is important to consider the source.‍
• Suspicious payment methods – Requests for bank transfers, gift cards, or cryptocurrency are high-risk warning signs. Legitimate charities usually accept secure, traceable payments, whereas criminals are looking for payments that avoid the traditional banking system.‍
• Unsolicited contact – Fraudsters often use unexpected calls, texts, or emails requesting donations. It is important to always check sender email addresses and donation links provided. It is also important to do proper due diligence on any organisation, including screening for any links to a history of fraud or adverse media.‍
• Fake charity numbers or identifiers – Fraudsters will often provide fake charity numbers in the hopes an individual will not take the time to verify. It is important to always verify registration with the UKRegister of Charities to ensure it’s a legitimate organisation. Other countries have similar registries. ‍
• Too-good-to-be-true stories – Any overly emotional story is a red flag, as these can be designed to provoke a gut reaction that leads to quick giving. Pause, research, and verify any claims before donating.‍
• Inconsistent or vague information – Keep an eye out for poorly written appeals, missing contact details, or an organisation lacking a proper website or any prior history. Legitimate organisations are transparent about their mission and history, as well as beneficiaries and use of funds.

What can be done?

To protect yourself from fraudsters who try to exploit your generosity and steal your money or personal information this holiday season, it’s essential to practice due diligence before donating.

Here’s a checklist of steps to help ensure your contributions go to genuine causes:

• ‍Verify the charity or individual – Research the organisation or fundraiser thoroughly. Check the UKCharity Commission register to confirm legitimacy, and look for credible online reviews, financial reports, or independent coverage. If it’s an individual fundraiser, investigate their background and connections to the cause. ThemisSearch can help to identify any hidden links to previous fraudulent or misleading activity, including any adverse media or known criminal activity.‍
• Donate through official channels – Always navigate to the charity’s official website yourself rather than clicking on links in emails, social media posts, or text messages. Confirm the URL is legitimate and secure (look for “https” and recognisable domain names).‍
• Pause and reflect – Don’t let urgency, emotional appeals, or pressure tactics drive your decision. Scammers rely on quick, emotional reactions to bypass careful scrutiny. Take time to verify details and ask questions if something seems off.

It is equally important for charities themselves to develop robust anti-fraud protocols to protect their funds, reputation, and the trust of their supporters. A proactive approach helps prevent scammers from impersonating an organisation or exploiting its brand. Having clear anti-fraud tools in place also helps prevent any insider fraud or cyber fraud attempts. By embedding due diligence and fraud prevention into operations, charities can safeguard resources and help reinforce a donations landscape that is trustworthy.

Charity Due Diligence Checklist

Staff and Volunteers

• Conduct due diligence on employees, volunteers, and contractors.
• Provide training on fraud awareness and safeguarding procedures.

Applicants and Beneficiaries

• Screen grant applicants for any links to previous fraudulent activity.
• Verify identities and check network connections for hidden criminal links.

Suppliers and Vendors

• Verify legitimacy of suppliers and service providers before contracts are signed
• Screen for any unreported network connections to employees or volunteers.

Fundraising and Campaigns

• Vet third-party fundraising platforms or individuals fundraising on your behalf.
• Monitor for impersonation of the charity on social media or crowdfunding sites.

Partnerships and Affiliates

• Conduct due diligence on partner organisations and collaborators.
• Check reputation, past performance, and compliance with relevant regulations.

Conclusion

While most charities operate with honesty and integrity, fake charity scams remain a serious and growing threat, especially during the holiday season when generosity is at its peak. These scams are increasingly sophisticated and pervasive, exploiting AI, social media, and crowdfunding platforms to appear legitimate. Fraudsters often prey on urgency and emotion to manipulate potential donors. These same criminals often target charities directly as well, creating a risk environment with threats from every direction.

Taking a moment to verify appeals, question unsolicited requests, and donate only through trusted channels ensures your generosity reaches those who truly need it. This holiday season, a simple pause could protect your kindness - and your credentials - from being stolen or exploited.