Double trouble: Protect your charitable gift-matching program

Imagine you’re working at your desk in your company’s office (not at home at your kitchen table in your pajamas), and a friendly co-worker (we’ll call him Frank) strikes up a conversation. Frank asks about your recent birthday and listens intently as you describe how you celebrated. He dives deeper, asking about your best birthday party and your all-time favorite birthday present. You don’t consciously realize it, but Frank is using your name frequently and mimicking your body language. Finally, he admits he feels a bit insecure about the fact that he’s never been a good gift-giver and fears no one has fond birthday memories about him.

Suddenly, Frank’s face lights up as he seems to spontaneously realize how the two of you can help each other out. He knows of a very deserving charity that needs contributions to accomplish its important mission, and Frank would love to donate his own money to them. Even better, Frank says he wants to donate the money in your name, as a gift. And luckily enough, your mutual employer has a donation-matching program in place, so the charity can get double the funds.

All you need to do is let Frank enter your company’s donation portal using your login, so he can make his donation that your employer will then match. It’s a win for everyone: Frank will make a surprisingly generous charitable gift in your name, he’ll feel better about giving memorable gifts and a needy charity will get a donation that your employer will double.

You pause at the idea of letting Frank use the donation portal under your name, worried about letting someone else use your computer. But it’s no problem, Frank assures you, because you get to watch him the whole time. He follows a legitimate link from your employer to the donation portal, enters the name of the charity and the donation amount, and clicks “submit.” The whole thing took less than two minutes.

What would you do?

Knowing how easy it is, would you allow a co-worker to do this, or would you be reluctant? How about if, to sweeten the pot, a co-worker said they’d hand you a “birthday check” with multiple zeros on it as a thank you for facilitating this donation?

This hypothetical scenario might sound silly, but something very similar to this happened just a few years ago. And surprise, surprise — it was all part of a fraud scheme. (See “Metro Atlanta man admits he made $670K by running a fake charity,” by Ben Brasch, The Atlanta Journal-Constitution, May 24, 2018 and “Operator of bogus charity pleads guilty to defrauding multiple companies,” U.S. Department of Justice, press release, May 24, 2018.) 

As fraud fighters, we might never agree to let a co-worker do anything on our computer under our login. We’re trained to be suspicious and prone to follow security procedures. The “birthday check” also would’ve only made us more wary. But for the average office worker, who might be living paycheck to paycheck and dealing with the highest inflation in decades, the use of the donation portal might seem harmless, and the generous check could be seen as a miracle too enticing to deny. (See “U.S. inflation at 9.1 percent, a record high,” by Christopher Rugaber, Associated Press, PBS News Hour, July 13, 2022.) Beyond the money, the average office worker isn’t trained to notice a fraudster’s trust-building techniques, like asking lots of questions to get their unwitting partner to talk, using the partner’s name and mimicking their body language, and sharing the fraudster’s own “flaws.” (See “12 Tricks Con Artists Use to Win Your Trust,” by Brandon Specktor, Reader’s Digest, July 26, 2021.)

A story of charity fraud

Even if we could never be duped into helping a co-worker in a scheme like this, we can still learn a lot from this case. First, let’s go over what this fraudster did.

According to the Atlanta Journal-Constitution article, Kai Brockington started a charity in the Atlanta area called Our Genesis Project with a mission of providing health care to low-income individuals. The charitable endeavors were all bogus, however, and the real mission was to provide Brockington with money to buy jewelry worth $25,000, travel costing $54,000, fine dining totaling $57,000 and clothing worth $116,000.

Brockington ran a lucrative fraud, acquiring $668,000 from multiple large companies over five years, according to the DOJ press release. All the victim companies had programs where they would match employees’ charitable donations to various charities. As the Atlanta-Journal Constitution article reports, in some cases, Brockington himself was the employee who made the initial donation to his charity that triggered his employer to match the donation. In others, he convinced employees to make the initial donation. Brockington appears to have paid his co-workers a few thousand dollars to gain their participation in the scheme.

Of course, all these initial “donations” were phantoms where no money changed hands, but they triggered real matching donations in substantial amounts from the companies. It brings to mind the old maxim (which I’m paraphrasing) “no bad deed dressed up as a good deed goes unpunished.” Brockington was charged with, and ultimately pleaded guilty to mail fraud and willfully filing a false tax return. He received a jail sentence of three years and five months.

Lessons from the fraud scheme

Now that we know a bit more about how Brockington’s scheme worked, let’s examine how we can lessen the likelihood of similar frauds targeting charitable gift matching programs. First, find out how much the relevant matching program values flexibility in giving versus security. Some companies might want to let their employees donate to any charity of their choosing and have that donation matched. This is the riskiest approach in terms of potential fraud, but employees might appreciate the autonomy it provides and donate more money to legitimate charities because of it. For more risk-averse entities, the simplest and strongest way to reduce fraud risk is to limit matching donations to a preestablished list of vetted charities. Companies can then ensure their matching donations are going to charities that meet certain standards for legitimacy. However, know that these restrictions might deter some employees from giving in the first place, especially if a charity they hold near and dear isn’t on the vetted list. 

Regardless of how flexible or restrictive a giving program might be, your company (or a client company) can take other steps to reduce the risk of fraudulent giving. First, ensure the initial employee donation actually occurs. Requiring documentation of financial transfers, like a check image or a bank statement, will reduce risk, because receipts or thank-you letters from charities are easy to fabricate. Second, implement automatic checks for donations over certain amounts. These checks could include a review of the charity with governmental records and other open sources. Confirm the charity’s nonprofit status with the IRS online and also its home state using the National Association of State Charity Officials (NASCO) website. (See “ Tax Exempt Organization Search,” IRS and National Association of State Charity Officials.) The Federal Trade Commission (FTC) recommends conducting online searches using the charity’s name and terms like “complaint,” “review,” “rating” and “scam” as a way to find red flags online. The FTC also recommends looking for negative reports and ratings on charity-focused sites like Candid/GuideStar, Charity Navigator and CharityWatch. (See “How to Donate Wisely and Avoid Charity Scams,” FTC.)

Have the charity’s officers received negative attention? Be on the lookout for connections between the donating employee and the charity, which could be a red flag. Aggregate donations should trigger the same due diligence checks because three donations of $5,000 each can cause the same damage as one $15,000 donation. Finally, educate employees on guidelines for charitable giving. Make clear in the donation portal that employees can’t donate on anyone else’s behalf, and that the company may require additional vetting before cutting a check.

Hopefully, with some education and a few preventive steps, your employer’s or client’s donations will help needy people with health care rather than greedy people with vacations.

Brian Molloy, J.D., CFE, is chief of investigations with the City of Austin, Texas. Contact him at brian.molloy@austintexas.gov.