Threat Intelligence Directory
Fraud

Charity Impersonation / GoFundMe Clone Fraud

Attack Trigger

Fraudulent charity campaigns launched hours after high-profile disasters or tragedies exploit genuine compassion

What Attackers Want

$25–$500 per victim, aggregated across thousands of compassion-driven donations

How This Attack Works

Scammers register charity domain names within hours of major disasters, shooting events, or viral tragedies and launch donation campaigns that look identical to legitimate fundraisers. Some clone active GoFundMe campaigns down to the photos and story. All donations go directly to criminals, not victims.

Red Flags to Watch For

  • Charity or campaign name is a slight variation of a well-known organization
  • Donation link does not go to the official charity domain or an established platform like GoFundMe
  • No Employer Identification Number (EIN) or IRS 501(c)(3) status can be verified
  • Domain registration date is within days of the event — check WHOIS records
  • Donation payment is requested via wire transfer, Zelle, or crypto rather than a credit card
  • No verifiable contact information, physical address, or named leadership

Known Malicious Domains

These domains have been associated with this attack. Never click links going to these addresses.

  • disaster-relief-give.comMALICIOUS
  • gofundme-clone-campaign.netMALICIOUS
  • red-cross-donate-now.comMALICIOUS
  • veterans-charity-fund.netMALICIOUS

Glance automatically blocks emails from domains on this list. Domain list is not exhaustive — attackers register new domains continuously.

How Glance Stops This

  • Domain similarity analysis catches lookalike sender addresses at millisecond speed
  • SPF / DKIM / DMARC validation flags authentication failures before you ever see the email
  • VirusTotal + Google Safe Browsing checks every link in real time
  • Urgency language detection scores the email higher for manual review
  • Known malicious domain blocklist updated continuously from live scan data

Don't wait to get hit.

Glance scans every incoming email against 12 detection layers — including the exact tactics described above — before it reaches your inbox.

Protect My Inbox — Free

Similar Threats

Fraud

Fake Crypto Investment Opportunity

Medium
Fraud

SIM Swap Attack

Medium
Fraud

Elder Financial Exploitation

Medium
View all threat profiles