Charity & Disaster Scams: 5 Variants and the Verify-Through-Charity-Navigator Rule

Scammers create GoFundMe / Kickstarter / Facebook Fundraiser pages claiming to help specific disaster victims — using fabricated names, stolen news photos, and made-up backstories. Real authorized family fundraisers are rare relative to scam-page volume after major events. The protective rule: donate to established disaster-relief organizations rather than to individual GoFundMe pages for strangers.

A representative case from industry reporting on the 2024 Hurricane Helene aftermath: within 48 hours of Helene's landfall in western North Carolina, dozens of GoFundMe pages appeared claiming to support specific Asheville families "who lost everything." Many pages used victim photos pulled from news coverage of the disaster, family-name combinations that didn't appear in any local property record, and donation goals of $50,000-$200,000. Investigative reporting later determined that several pages had no connection to any actual families — the fundraisers were created by scammers using AI-generated story details and stolen photos. Total losses across fake Helene-related fundraisers reached $18M per industry tracking.

GoFundMe and similar platforms maintain trust-and-safety teams that remove fraudulent pages, but the response is reactive rather than preventive — pages typically remain live for 24-72 hours before flagging. The protective architecture for donors: don't donate to individual fundraisers for strangers. Established disaster-relief organizations have field operations on the ground within hours of major events, vet distribution, and produce financial transparency reports. American Red Cross, World Central Kitchen (which deployed to Asheville within 24 hours of Helene), and Team Rubicon (military-veteran-led disaster response) all maintain real-time disaster-response operations.

What stops it is the established-org rule. If you want to help disaster victims, donate to established disaster-relief organizations rather than to individual GoFundMe pages for strangers. If you personally know a family affected and want to support them directly, send funds via Zelle / Venmo to a phone number or email you already had for them — not to a GoFundMe page that may or may not be theirs. Report suspected fake fundraisers to the platform's trust-and-safety team.

Scammers register charity-sounding domains and social-media accounts that mimic legitimate organizations. Real established charities are 501(c)(3) IRS-registered with decades of operational history and Charity Navigator / Candid ratings. Sound-alike scam organizations are typically registered within days of the disaster, have no operational history, and are not listed on any third-party charity-rating service.

A representative case from FTC consumer-protection records: after the January 2025 California wildfires, a domain "EatonFireSurvivorsFund.org" appeared with a polished website, victim testimonials, and a credit-card donation form. The domain was registered three days after the wildfires began. The "organization" was not registered with the IRS, had no Charity Navigator rating, no Candid profile, and no verifiable address or board of directors. Donations via the site routed to a payment processor associated with multiple previously-flagged scam fundraisers. Per DOJ investigation, the operators ultimately faced federal fraud charges. Cumulative California-wildfire-related scam losses reached $4M across multiple sound-alike organizations.

The protective architecture is mature and easy to use. Charity Navigator (charitynavigator.org) and Candid (candid.org) — both free, independent third-party rating services — list every IRS-registered 501(c)(3) charity and provide ratings on financial health, accountability, and program impact. The IRS Tax Exempt Organization Search at irs.gov/charities-non-profits/tax-exempt-organization-search is the federal authoritative source. If a "charity" is not listed in any of these three databases, it is not a registered 501(c)(3) charity and donations are neither tax-deductible nor accountable.

What stops it is the third-party verification rule. Search the exact charity name on charitynavigator.org or candid.org before donating. If the organization isn't listed, walk away. Real established charities welcome the verification — they list their Charity Navigator rating prominently on their own website. Scam organizations have no Charity Navigator rating because they were registered too recently and never went through the IRS 501(c)(3) process.

Scammers impersonate FEMA officials — door-to-door, by phone, by text, or by email — and offer disaster grants, home inspections, or expedited assistance for a fee. FEMA never charges for disaster assistance. Real FEMA inspectors carry official photo ID, work for federal contractors with verifiable badges, and the inspection / assistance process is documented through the homeowner's DisasterAssistance.gov account.

A representative case from FTC consumer-protection alerts after Hurricane Helene: a homeowner in western North Carolina answered the door to a man wearing a polo shirt with an embroidered "FEMA Disaster Inspector" patch, holding a clipboard and a tablet. He said he was conducting damage inspections for FEMA disaster-grant processing and needed to verify her FEMA registration number, last four of her SSN, and bank-account information for "grant disbursement." He also asked for a $300 "expedite fee" payable by Zelle. The homeowner gave him the requested info and paid the $300. Two weeks later her bank account was empty and her FEMA grant application had been hijacked — someone using her info had filed for additional grants and had them disbursed to a different account. Real FEMA inspectors don't ask for SSN, banking info, or fees; the inspection process is documented in the homeowner's existing DisasterAssistance.gov account.

FEMA's published guidance is unambiguous: FEMA does not charge for disaster assistance. Real FEMA inspectors carry photo IDs that homeowners can verify, the inspection process is initiated through DisasterAssistance.gov by the homeowner (not by FEMA cold-canvassing neighborhoods), and disbursement happens through verified bank-account information already on file in the homeowner's account. The FTC's July 2025 consumer alert and the FBI's IC3 PSA 250116 both emphasize the same rule: any "FEMA representative" demanding payment is impersonation.

What stops it is the FEMA-never-charges rule plus DisasterAssistance.gov verification. Real FEMA assistance is initiated by the homeowner through disasterassistance.gov, with all communication and document upload happening through the homeowner's account portal. Any "FEMA representative" who shows up at the door demanding payment, banking info, or registration-number verification is a scammer. Take their card if offered, close the door, log into your DisasterAssistance.gov account directly to verify any pending inspection or document request, and report the impersonation to the National Center for Disaster Fraud at 1-866-720-5721.

Within hours of a major disaster, contractors arrive offering quick repairs for cash deposits. Many are unlicensed, uninsured, or outright fraudulent — they collect deposits and disappear, or perform shoddy work. Variant overlaps with our door-to-door-contractor-scams guide. The protective rule is the same: never sign or pay on the day of contact.

A representative case from FBI Houston advisories after Hurricane Beryl: a homeowner with roof damage from the storm answered the door to a contractor with out-of-state plates offering immediate roof repair for $4,000 cash deposit, with the rest payable when work was complete. The contractor said state inspectors would penalize unrepaired homes within 72 hours and that homeowners insurance would cover the full cost. The homeowner paid the $4,000 deposit; the contractor returned the next day with two laborers, climbed onto the roof for an hour, and left without completing any visible work. The contractor's phone went disconnected within a week. State contractor-licensing lookup showed no record of the LLC name. Variant follows the canonical storm-chaser script covered in detail in our door-to-door-contractor-scams guide.

The protective architecture is the same as for non-disaster contractor scams: state contractor-licensing boards, BBB Scam Tracker, the FTC Cooling-Off Rule's 3-business-day cancellation right, and pay-only-by-credit-card discipline. The disaster-specific addition is that your homeowner's insurance carrier maintains a list of vetted preferred-vendor contractors and will dispatch them at no cost — call your insurance carrier first before signing with any door-to-door contractor. Real legitimate contractors after disasters are typically already booked with carrier-vetted work; the contractors knocking unsolicited are the structurally unverifiable ones.

What stops it is the same never-sign-on-the-day rule. Call your insurance carrier directly (number on your policy) before signing any post-disaster repair contract. Use the FTC Cooling-Off Rule (16 CFR Part 429) for 3-business-day cancellation if you signed under pressure. Pay only by credit card. See our full guide at door-to-door-contractor-scams for the complete protective playbook.

Donation-request emails arrive purporting to be from major charities, with links to fake donation forms that capture credit-card details. Real established charities don't send unsolicited urgent emails to non-subscribers, and the email links should always route to the charity's official .org domain — not a lookalike. The protective rule: don't click email donation links. Type the charity's URL directly.

A representative case: after a major disaster, an email arrives reading "American Red Cross Emergency Appeal — donate now to help families displaced by the disaster." The email is well-formatted with Red Cross branding and includes a "Donate Now" button. The button routes to "redcross-disaster-appeal.org" (lookalike domain — not redcross.org). The page mimics the Red Cross donation flow, asks for credit-card details, and captures them. The donation never reaches the Red Cross; the credit-card details are used for fraud weeks later. Real Red Cross emails route to redcross.org; any other domain is the diagnostic.

The protective rule is identical to the rule for Amazon, package-text, and other brand-impersonation phishing variants. Don't click links in unsolicited donation-request emails. If you want to donate to the Red Cross, Salvation Army, World Central Kitchen, or any other established charity, type the charity's URL directly into your browser. Real established charities have memorable .org domains: redcross.org, salvationarmyusa.org, savethechildren.org, wck.org (World Central Kitchen), teamrubiconusa.org, directrelief.org. Anything else is a lookalike.

What stops it is the type-the-URL rule. Type the charity's URL directly; never click email donation links. If the email is a real charity appeal you want to honor, you'll find the same appeal on the charity's official website. Report donation-phishing emails to the impersonated charity (most have published abuse / phishing addresses) and to the FTC at reportfraud.ftc.gov.