Governor Kathy Hochul today advised New Yorkers about charity scams and increased cybersecurity threats related to Vladimir Putin’s invasion of Ukraine. The New York State Division of Consumer Protection has learned of fraudulent requests for charitable relief money to support victims of the war. Consumers are encouraged to carefully evaluate any request for money and verify charities prior to donating money or supplies. Governor Hochul also encourages New Yorkers to remain on guard when releasing sensitive information online amid an uptick in cybersecurity threats through the utilization of security recommendations from the Department of Taxation and Finance. This follows the Governor’s formation of the , which serves as the center for joint local, state and federal cyber efforts.
“New York is home to the largest Ukrainian population in the United States, and New Yorkers always lend a helping hand to take care of those in need,” Governor Hochul said. “However, we must remain cautious of those who try to commit fraud, taking advantage of others’ kindness. In your generosity to help our Ukrainian friends and family, remember if something seems suspicious, it likely is. Encourage your friends and family, especially elderly loved ones, to stay vigilant online.”
Any time disasters occur, scam artists prey on the heartstrings of individuals looking to help. The invasion of Ukraine provides an opportunity for fraudsters to set up fake charities or pose as compelling war victims. Others design websites to mimic a legitimate charity’s official site to steal unsuspecting donors’ money and/or personal information.
Secretary of State Robert J. Rodriguez said, “New Yorkers are known for being supportive and generous to those in need. As the war in the Ukraine rages on con artists will continue to appear using emotional ploys and fake solicitations in an attempt to bilk consumers. I encourage New Yorkers to protect their good intentions and always research a charity before donating to ensure your hard-earned dollars are getting to those who so desperately need your support.”
Acting Commissioner of Taxation and Finance Amanda Hiller said, “The global crisis in Ukraine has intensified concern about cyberattacks, so we must all be vigilant to prevent confidential information from falling into the wrong hands, denial-of-service attacks, and other negative consequences.”
Office of Information Technology Services CIO Angelo ‘Tony’ Riddick said, “Countless New Yorkers with the best of intentions have donated to charities in support of the people of Ukraine, and they are making a difference. Unfortunately, this generosity also creates new opportunities for cybercriminals to exploit. To protect yourself and to ensure your generous donation always gets in the hands of those who truly need the help, ITS asks New Yorkers to follow these best practices and to remain vigilant in light of recent online threats and cyber scams.”
Division of Homeland Security and Emergency Services Commissioner Jackie Bray said, “Every New Yorker has a role to play when it comes to securing their personal information and protecting themselves from cyber threats. We know that in times of need, bad actors are out there looking to take advantage of those trying to help. If you are attempting to support the people of Ukraine through online or digital donations, remain vigilant and follow these best practices to ensure your donations are authentic and your information stays safe.”
State Senator Kevin Thomas said, “It speaks volumes of our neighbors that so many New Yorkers have taken action to help the Ukrainian people. Unfortunately, it has also created a prime opportunity for scammers to exploit this crisis for personal gain. I urge New Yorkers to remain vigilant and take extra precautions to ensure that their generous contributions go to legitimate causes.”
Assemblymember Nily Rozic said, “Scammers try new methods to trick you all the time, even during an international crisis. As New Yorkers come together to support Ukraine in their time of need, it’s crucial consumers are armed with the skills and knowledge to ensure your generosity is not taken advantage of. I’m thankful to Governor Hochul for ensuring New Yorkers are not scammed for their kindness.”
Scammers often make contact via social media, unsolicited emails, phone calls, or text messages. They may ask to send money through a payment app like Cash App, Venmo or Zelle, wire the money to an offshore bank account, or send prepaid gift cards. Many recent scams include requests for donations in cryptocurrency, such as Bitcoin or Ethereum. Scam artists are creative and will continue to think of new ways to defraud people, so consumers must always be vigilant.
To prevent donation money from falling into the wrong hands, the New York State Division of Consumer Protection recommends taking the following precautions:
- Verify the request. Scammers are more frequently posing as friends, family or romantic interests on social media and requesting donations; it is easy to copy someone else’s photo and biographical information and create a fake account online. If you receive an unsolicited request for donation relief online, even if it appears to be someone you know, connect with the person directly through a different communication link to verify the request. Do not click on any links or complete forms before verifying the source. If the request is coming from someone you only recently met online, it is most likely a scam and you should be especially wary.
- Research the charity. Don’t rely on a charity website alone. Search online before donating to any charity using the name of the group plus search terms like “review” and “scam”. The Federal Trade Commission recommends checking with , ,, or to see reports and ratings for charities. You can also check with (IRS) for verification that a charity is registered. The Office of the Attorney General also recommends reviewing the for financial reports prior to donating to ensure the charity is fiscally sound.
- Resist high-pressure tactics. While the situation is urgent, consumers should resist being pressured to donate immediately. Scammers often pressure you to donate immediately, causing you to overlook red flags in their story. Beware of direct e-mails from “victims” and solicitors who employ heart-wrenching stories, insisting that you donate immediately. Do not to give money over the phone to unsolicited telemarketers; instead, ask the caller to send written materials about the charity and where to donate, if you choose.
- Keep personal information private. Never give your Social Security number, credit card or debit card number, or other personal identifying information in response to an unsolicited charitable request. If donating online, ensure that your internet connection is secure before following through on donation requests.
- Ask how your money will be spent. Consumers want to know that their money is going directly to the victims. A genuine charity should be able to let you know how much of your donation will go directly to the program as opposed to administrative fees.
- Donate by check or credit card. Never give money using cash, gift cards, crypto currency, or any tender that would be difficult to trace. Give your contribution by check or credit card to ensure that you have a record of the donation. Make checks out to the charity, not to an individual. If you choose to donate via a charity’s website, check that the website is secure and that your computer is equipped with the latest anti-virus protection.
The Division’s Consumer Assistance Hotline is open Monday to Friday, excluding State holidays, 8:30am to 4:30pm at 1-800-697-1220. You can find more information and tips by following the Division of Consumer Protection on social media on Twitter () and Facebook ()
Amid heightened international concern about cybersecurity, the New York State Department of Taxation and Finance also shares a series of critical tips to help taxpayers safeguard their private information during tax season and throughout the year:
Be wary of unsolicited emails and telephone calls asking for personal information. Never share personal information, such as your Social Security number, in response to an unsolicited email or telephone call. If the email or call claims to be from a company with which you do business, call it directly to confirm the contact is legitimate. Scammers often use scare tactics and threats related to tax debt to get you to share your personal and financial information.
Secure your mobile devices. Apply software updates that patch known vulnerabilities as soon as they become available. Use security features built into your device, such as a passcode, and use programs that encrypt data and remotely eliminate contents if the device is lost or stolen.
Be careful with Wi-Fi hotspots. Public wireless hotspots are not secure, which means that it’s easy for cyber thieves to see what you are doing on your mobile device while you are connected. Limit what you do on public Wi-Fi and avoid logging into sensitive accounts.
Be cautious about the information you share on social media. Avoid posting your birthdate, telephone number, home address, or images that identify your job or hobbies. One reason: this type of information can be used to determine answers to security questions used to reset passwords, and makes you a target of fraudsters who seek to access your accounts and personal information.
Use strong passwords. Create different passwords for all your accounts. When it comes to passwords, try to use one with at least 14 characters, the current industry standard. Use a combination of letters (uppercase and lowercase), numbers, and symbols. Consider passphrases in which you use the first letters of a memorable phrase to create a complex password that is difficult to guess. Regularly change your passwords/passphrases.
Vary your security questions. Don’t use the same security questions on multiple accounts. Select security questions for which the answers cannot be guessed or found by searching social media or the internet.
Use two-step verification to access accounts. To enhance the security of online accounts, whenever possible require a password and an extra security code to verify your identity when you sign in.
Beware of phishing. Don’t click on links, download files, or open attachments in emails from unknown senders. Open attachments only when you are expecting them and know what they contain, even if you know the sender.
Report it. If you’re a victim or believe you may be a victim of tax-related identity theft, alert us immediately. We will track your information to help keep it private and protected. Visit the Tax Department’s webpage.
The Tax Department uses advanced encryption, firewalls, intrusion-detection systems, and other security measures to safeguard our systems and sensitive data, but taxpayers must also take a proactive approach to protecting themselves online.