October 17, 2023

A little after midnight on a Wednesday last August, Alaska Public Media received two online donations of around $25,000 each, both sent via electronic funds transfer (EFT). Instead of feeling excited about the support for the organization’s work, Database Manager Melissa Walker and Director of Development Peter Host felt skeptical. 

Like many small public media organizations, Alaska Public Media doesn’t receive five-figure gifts out of the blue; they usually come as a result of cultivated major giving. As it turned out, the donations were fraudulent. But thanks to some quick thinking and action by the development and finance teams, the station stopped the scam from being fully executed. 

Host offered a few takeaways on how they did it and what they learned in the process.

Why This Scam Works

Unlike traditional credit card fraud where someone steals a credit card number and buys whatever they want, this scam is dependent on the “donor” contacting their bank to request a chargeback for a donation made in error.

Host described it as a “weird loophole” in the system where a chargeback is processed before the original donation. 

“Imagine that you made a purchase of an expensive TV at Best Buy, used a check you knew would bounce, but the store wouldn’t know for a day or two, and then in the interim, returned the TV and got cash in return,” Host said. “This is essentially like that, except that in the world of electronic funds transfer, there is no need for the scammer to convert between types of credit and/or currency.”

Host said the standard assumption is that all donations are made in good faith, and scammers often make two fraudulent donations and request a refund on one of them, citing it as a duplicate. In reality, though, neither “donation” is ever going to clear and the station is going to end up sending the money to the scammer via their bank.

Proceed with Caution

Shortly after the online donations were made to Alaska Public Media, the station received the following email through its Contact Us from someone claiming to be Keith Rogal:

I’m showing two donations for 25000 dollars deducted in my account. I am curious to know if this is a normal thing or if this is a mistake from the online platform or if simply I have done something wrong. I understand if this is only a temporary hold on my account as well but if someone could just clarify me on the situation that would be greatly appreciated.

Keith Rogal and Associates!
Napa Valley Restoration Group

There is a Keith Rogal in Napa California and the message came from an email address that could belong to him, so there weren’t any immediate red flags that the donation was fraudulent.

Host said, “Communications submitted through our donor portal are often rife with grammatical errors and weird phrasing, so my alarm bells weren’t really ringing yet.”

Move the Conversation Offline

Host knew that he wouldn’t be able to verify “Keith Rogal’s” identity online, so he attempted to schedule a phone call or Zoom meeting with him to discuss his support for the station. At this point, he wasn’t sure why someone would attempt a scam like this and how they would benefit from it – something he now describes as a “lack of criminal imagination.” 

In the meantime, the station’s database manager voided the second transaction and Host reached out to “Keith” to inform him of this. He received the following reply requesting a chargeback:

“Hello Peter. I’m very happy to be chatting with you as well. I Should be there tomorrow late afternoon to see the progress on my home and give you all a visit. That is the possitive side of the situation. The negative side of the situation is that my bank has asked me to start a chargeback on the situation unless a refund is issued. It’s clearly been taken out of my account but this process will not start just yet because I would rather speak in person to figure this out first but I’m just wanting to confirm that I have not seen a reflection in my account as of now and I’m only seeing a deduction of both transactions so if you could please clarify with your bank that would be greatly appreciated. I’m using a new phone made through planet computer and the phone has been recalled believe it or not so I’ve been using my laptop and will be for the next few days until a new phone is issued. Alright well I can’t wait to see the station and meet you all. I hope this does not interfere with your schedule but it it does just let me know. Thanks.

Have Backups in Place

Upon receiving the email from “Keith,” Host knew they were dealing with a scammer, so Melissa Novinska-Walker, the station’s membership database manager, voided the other donation and followed up with their payment processor to ensure that funds would not be withdrawn from the station’s account. 

All of this happened within the span of a few hours, and Host noted that if the transactions occurred before midnight, they would not have been able to void them the next day. And, if Novinska-Walker was out of the office that day, the station might have been on the hook for $50,000.

We realized that I, as a supervisor, should have the knowledge and ability to deal with our bank and payment vendors, so that in the event something happens while our Database Manager is out, I can handle it,” Host said.

Host said the station’s customer service representative also worked quickly to flag the donation and follow-up communication as potentially fraudulent.

Formalize Gift Policies

Following the scam attempt, Alaska Public Media plans to implement a written policy and response to donors stating that the station doesn’t issue refunds before the donations are fully recorded in their accounts. This process can take up to 7 days for EFTs. 

Host said the station also considered setting a maximum amount for online donations, but neither its payment processor nor its CRM offered that capability.