Fake Tithing / Donation Portal Scam
Look-alike online giving pages that mimic a church or ministry's real tithing portal to redirect regular donations into a scammer's account.
Last reviewed: 5 July 2026
What this scam is
This scam targets the routine, recurring habit of online tithing and giving that many congregations now rely on. Scammers create a fraudulent donation page, app listing, or QR code that closely imitates a real church or ministry's legitimate giving portal, then distribute it through channels the congregation trusts — email, text, printed bulletins, or social media — so that regular givers unknowingly send their tithe or offering to the wrong account.
Because online and app-based giving has become a normal part of religious life, congregants are primed to expect a giving link or QR code as part of routine communication. This familiarity is exactly what the scam relies on: the fraudulent portal does not need to be identical to the real one, only close enough that a donor giving on autopilot does not notice the difference.
The scam can be a one-off event, such as a fake QR code slipped onto a printed bulletin or posted near a real collection box, or a sustained operation where a cloned giving page is promoted repeatedly over weeks, intercepting recurring donations set up by unsuspecting members.
How it works
Scammers typically start by copying the visual design, name, and branding of a real church or ministry's official giving page, registering a similar domain name, or building a near-identical page on a common giving-platform service. A QR code linking to this fake page is then produced and distributed — printed on paper stickers placed over a real bulletin's code, emailed to the congregation's mailing list if it has been compromised or scraped, or shared on social media posing as an official church account.
Donors who scan the code or click the link land on a page that looks convincingly like normal giving software, complete with the church's logo and familiar fields for donation amount and payment details. Because the visual cues match what the donor expects, card or bank details are entered without a second thought, and any recurring giving set up through the page continues to route to the scammer indefinitely until discovered.
In some cases, the fraudulent page is not a copy of a legitimate platform but a request for direct bank transfer or a person-to-person payment app account, framed as a 'temporary' arrangement while the church's real system is 'down for maintenance' — a pretext designed to explain away the deviation from normal giving channels.
Why this scam works
Regular giving is habitual, and habits reduce scrutiny — most donors are not consciously verifying a giving portal's authenticity each time they make a routine, recurring contribution. Trust in the church's own communication channels compounds this: a QR code on a printed bulletin or an email that appears to come from the church is assumed to be legitimate simply because of its context.
The scam also benefits from the social awkwardness of questioning a giving mechanism in a religious setting, where verifying a financial request can feel like an expression of distrust in the community rather than reasonable financial caution.
A typical pattern
A congregant receives a text message that appears to be from their church, providing a link to give online due to a 'temporary system upgrade.' The link leads to a donation page bearing the church's logo and familiar layout. The congregant enters their card details and sets up a recurring monthly gift. Weeks later, during a Sunday announcement, the church clarifies it never sent such a message and its giving system was never down. The congregant discovers their recurring donations have been going to an unfamiliar account the entire time.
Common red flags
- Giving link or QR code arrived via an unfamiliar text, email, or printed sticker
- Message claims the normal giving system is temporarily down and offers an alternative
- Web address is similar to, but not exactly, the church's known domain
- QR code appears to be a sticker placed over an original printed code
- Request to switch to a new bank account or payment app for giving
- Sense of urgency attached to using the new giving method immediately
- No confirmation of the change through in-person announcement or verified church communication
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
Our online giving system is temporarily down for maintenance — please use this link to give today: [fake link]
New giving portal now live! Update your recurring donation here: [fake link]
Scan this code to give your tithe conveniently from your phone. [QR code]
Due to a banking update, please send this week's offering to our new account: [account details]
Common variations
- QR code stickers placed over the genuine code on printed bulletins or collection boxes
- Cloned giving website with a similar domain name promoted via compromised or spoofed church email
- Fake 'system maintenance' message directing donors to a temporary alternative payment method
- Fraudulent giving app listing using the church's name and logo in an app store
- Social media posts impersonating the church's official account with a donation link
How to verify before you act
Before entering payment details on any giving page, confirm the exact web address matches the church or ministry's official domain, typed independently rather than followed via link or QR code, especially if the giving request arrived via a printed sticker, unfamiliar email, or unsolicited text. If any giving platform, address, or account number differs from what has previously been used, contact the church directly through a known phone number or in person to confirm the change before donating.
For QR codes on printed materials, check whether the code appears to be printed directly on the original document or affixed as a separate sticker, which can indicate tampering. When in doubt, ask a staff member or church leader in person whether the giving method has recently changed.
Payment methods used
- Card payment on a cloned website
- Bank transfer
- Recurring payment set up through a fraudulent portal
- Person-to-person payment apps
Who is usually targeted
- Regular congregants who give online or recurringly
- Members who primarily interact with the church digitally
- Older congregants less familiar with verifying web addresses
- New attendees unfamiliar with the church's normal giving process
What to do immediately
- Stop any recurring payment set up through the suspicious portal immediately
- Contact your bank or card issuer to dispute recent transactions and block further payments
- Contact the church directly using a known phone number to confirm whether the giving method changed
- Take screenshots of the fraudulent page, message, or QR code before it disappears
- Report the fraudulent page to the giving platform it was hosted on, if applicable
- Alert church leadership so they can warn the rest of the congregation
- File a report with your national fraud reporting body
How to prevent it
- Always type a known giving website address directly rather than following a link or scanning a QR code from an unverified source
- Confirm any change to giving methods directly with church staff via a known phone number, not the number provided in the request
- Inspect printed QR codes for signs of a sticker placed over the original
- Set up alerts on your bank account for recurring payments so unexpected changes are noticed quickly
- Periodically review recurring donations to confirm they are still going to the intended organisation
- Be cautious of any giving request that cites a 'temporary' or 'urgent' change to normal payment channels
- Report suspicious giving links to church leadership so they can warn the wider congregation
Evidence to preserve
- Screenshots of the fraudulent giving page and its web address
- The original text, email, or printed material containing the link or QR code
- Payment confirmations and recurring payment setup details
- Any correspondence with the church confirming the giving method had not changed
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — Use the number on the back of your card or in your banking app — never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
How can I tell if a church giving link is genuine?
Type the church's known web address directly into your browser rather than clicking a link or scanning a QR code from an unfamiliar source, and confirm any change in giving method with church staff directly through a known phone number.
What should I do if I already set up recurring giving through a fake portal?
Contact your bank or card issuer immediately to cancel the recurring payment and dispute any transactions already made. Then confirm with the church directly what the correct giving method is.
Are QR codes on church bulletins generally safe?
They can be safe when the code is printed as part of the original document, but stickers placed over a printed code should be treated with suspicion. When unsure, ask church staff to confirm the code is correct before scanning.