From SANS ISC:
Earlier in the week we mentioned that people should be on the lookout for "fake" charities trying to exploit the Sandy Hook tragedy. About 150 or so domains have been registered that are "suspect" and about a dozen I can safely say are fraudulent. Some basic steps we already know about how to deal with this:
• Only deal with charities that are already known to you (i.e. the Red Cross) or with which you have a personal relationship (your church or church-related organization, local civic group, etc.).
• Don't donate to charities simply by clicking on an e-mail; affirmatively go to the website to donate directly.
• Always be sure to check for real contact information; if you don't see anything, don't donate.
That said, let's say you find a website and you want to "verify" whether it is suspect or not. There are several things you can do. Advance warning: this is US-centric, mostly because I don't know "charity" laws in other countries. If someone would like to clue me in on how to do similar in other countries, feel free to contact me directly.
• Check the domain registration using WHOIS. One online WHOIS tool is here. If it is a "private registration", it is suspect; move along.
• Check with the IRS whether the organization is, in fact, tax exempt. Their lookup tool is here. If the website doesn't have an organization name, it's suspect. If they are talking to you, try to get their tax ID (or FEIN) number. Ask for a copy of their IRS Form 990 (which they are required to disclose). Many states also require charities to register themselves and you can search those filings online as well.
• Check with Guidestar, which is sort of a Consumer Reports / Better Business Bureau for charities.
Continued: https://isc.sans.edu/diary.html?storyid=14737
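The WHOIS check in the list above can be scripted when there are many domains to triage. The following is an added example, not code from the SANS ISC diary; the marker list, the function names and the two sample WHOIS records are constructed for illustration, and the keyword match is a heuristic that still needs a human look at anything it flags.

```python
import re

# Substrings that commonly show up in registrant fields of privacy/proxy
# registrations. Assumed for this example; not an exhaustive list.
PRIVACY_MARKERS = ("privacy", "proxy", "whoisguard", "redacted", "protected")

# Matches "Registrant Name: ..." / "Admin Email: ..." style lines.
CONTACT_LINE = re.compile(r"^\s*((?:registrant|admin)[^:]*):\s*(.*)$", re.I)

def registrant_fields(whois_text):
    """Return {field: value} for non-empty registrant/admin contact lines."""
    fields = {}
    for line in whois_text.splitlines():
        m = CONTACT_LINE.match(line)
        if m and m.group(2).strip():
            fields[m.group(1).strip().lower()] = m.group(2).strip()
    return fields

def is_private_registration(whois_text):
    """True if the record hides the registrant or lists no contact at all."""
    fields = registrant_fields(whois_text)
    if not fields:
        return True  # no contact information: treat as suspect
    return any(marker in value.lower()
               for value in fields.values() for marker in PRIVACY_MARKERS)

def triage(records):
    """Map each domain to 'suspect' or 'review further' from its WHOIS text."""
    return {domain: "suspect" if is_private_registration(text) else "review further"
            for domain, text in records.items()}

# Constructed sample records (not real registrations).
SAMPLE_PRIVATE = """Domain Name: EXAMPLE-RELIEF-FUND.ORG
Registrant Name: Registration Private
Registrant Organization: Example Privacy Proxy Service
Registrant Email: example-relief-fund.org@proxy.example
"""
SAMPLE_OPEN = """Domain Name: EXAMPLE-CHARITY.ORG
Registrant Name: Jane Example
Registrant Organization: Example Community Foundation
Registrant Street: 100 Main Street
Registrant Phone: +1.5555550100
"""

if __name__ == "__main__":
    for domain, verdict in triage({"example-relief-fund.org": SAMPLE_PRIVATE,
                                   "example-charity.org": SAMPLE_OPEN}).items():
        print(domain, "->", verdict)
```

A "review further" result only means the registrant is visible; the IRS and Guidestar checks from the list still apply.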