Temple / Mosque Donation Phishing Scam
Cloned websites and messages impersonating a specific, real temple or mosque's donation channel to intercept congregational and community giving.
Last reviewed: 5 July 2026
What this scam is
This scam targets the donation channels of a specific, real, and identifiable temple, mosque, or other place of worship, rather than a generic or invented cause. Scammers clone the institution's real website, email communications, or QR codes, or impersonate its official social media presence, to intercept donations intended for the actual, known institution.
This differs from a fully fabricated fake charity in that the impersonated organisation is genuine and locally trusted — congregants already have an established giving relationship with the actual institution, which the scam exploits by inserting itself into that existing relationship rather than trying to build trust from nothing.
The scam is particularly common around religiously significant periods and events — major festivals, building projects, or annual fundraising drives — when donation volume and urgency are naturally elevated, and it can affect institutions of any faith tradition with an established local congregation and public donation infrastructure.
How it works
Scammers typically begin by copying the visual design, name, and any publicly available branding of a specific, known place of worship, registering a similar domain name or building a page on a common donation-processing platform designed to closely resemble the institution's real one. Distribution follows the institution's own usual communication patterns — a fake email blast to a scraped or purchased mailing list, a social media post from an impersonating account, or a printed QR code placed in or near the physical premises.
Donors familiar with the institution recognise its name, logo, and general appearance and proceed to donate without closely checking the exact web address or account details, particularly when the request references a specific, real event or campaign the institution is known to be running, such as a festival collection or a genuine ongoing renovation.
Because the impersonated institution is real, verification is more straightforward than with a fully invented charity — a phone call or in-person visit to the temple or mosque can immediately confirm whether the donation channel is genuine — but many donors do not take this step, particularly when time pressure or the routine nature of giving discourages a pause to verify.
Why this scam works
Existing trust in a specific, known local institution transfers automatically to anything bearing its name and visual branding, and most donors do not expect an impersonation targeting an organisation they already have a direct, ongoing relationship with, as opposed to a stranger charity appealing for the first time. This makes routine, low-scrutiny giving especially vulnerable.
The concentration of legitimate giving activity around major festivals and events also creates a natural moment when a fraudulent appeal referencing the same event blends in with a wave of genuine communications from the institution and its members, making it harder to notice a single fraudulent message among many expected ones.
A typical pattern
During a major religious festival, a member of a mosque's congregation receives a text message with a link to donate toward the festival's charitable collection, referencing the specific, real event the mosque is running that week. The message appears to reference genuine details and the linked page closely resembles the mosque's usual donation platform. The member donates by card. Days later, mosque leadership announces during prayers that no such text was sent and that its actual donation channel has a different web address entirely, at which point several congregants realise they gave through the fraudulent link instead.
Common red flags
- Donation link or account detail arrived via an unfamiliar text, email, or social media account
- Web address differs even slightly from the institution's known, established domain
- QR code appears to be a sticker placed over an original printed code
- Message claims a new or temporary payment method due to a system issue
- Appeal creates urgency tied to a specific festival or event to discourage verification
- Institution has not independently confirmed the appeal through its own regular communication channels
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
Join our festival giving campaign this week — donate here: [fake link]
Our regular donation system is temporarily down — please use this alternative method for now: [fake link]
Scan this code to contribute to our renovation fund conveniently from your phone. [QR code]
Please note our account details have changed — send your contribution to this new account.
Common variations
- Cloned donation website closely resembling the institution's real giving platform
- Fake QR code stickers placed over genuine codes at the physical premises
- Impersonating social media account posting fraudulent donation appeals
- Text or email campaign referencing a real, known event or festival collection
- Fraudulent claim of a new bank account or payment method due to a supposed system issue
How to verify before you act
Confirm any donation link, QR code, or account detail directly with the temple, mosque, or institution in person or by a phone number you already know or can verify independently, particularly before donating a significant amount or setting up a recurring gift. Compare the exact web address of any donation page character by character against the institution's known, established website rather than assuming visual similarity is sufficient.
For QR codes on printed materials at the physical premises, check with staff whether the code is original to the printed material or a possible sticker overlay, and be cautious of any donation appeal received via unfamiliar text message or email address that does not match the institution's known communication channels.
Payment methods used
- Card payment via a cloned website
- Bank transfer
- Person-to-person payment apps
Who is usually targeted
- Regular congregants of a specific, known temple or mosque
- Donors giving during major festivals or fundraising drives
- Members who give primarily through digital channels
- New or occasional attendees unfamiliar with the institution's usual giving process
What to do immediately
- Stop any recurring payment set up through the suspicious channel immediately
- Contact your bank or card issuer to dispute recent transactions
- Confirm directly with the institution, in person or via a known phone number, whether the appeal is genuine
- Take screenshots of the fraudulent message, page, or QR code before it disappears
- Alert institution leadership so they can warn the wider congregation
- File a report with your national fraud reporting body
How to prevent it
- Confirm any donation link or account detail directly with the institution in person or via a known phone number
- Compare the exact web address of a donation page character by character against the institution's known website
- Check with staff whether a printed QR code shows signs of a sticker overlay
- Be cautious of any donation appeal referencing a real event that arrives via unfamiliar text or email
- Encourage the institution to publicly announce and standardise its official donation channels
- Set up alerts for recurring donations so any unexpected change is noticed quickly
Evidence to preserve
- Screenshots of the fraudulent message, website, or QR code
- The exact web address or account details used
- Payment confirmations and transaction records
- Any confirmation from the institution that the appeal was not genuine
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — Use the number on the back of your card or in your banking app — never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
How is this different from a completely fake charity scam?
This scam impersonates a specific, real, and locally known institution that the donor already has a genuine giving relationship with, rather than inventing an entirely fictitious cause. Verification is often easier because you can confirm directly with the real institution in person or by phone.
What should I do if I see a QR code at my place of worship that looks different from usual?
Ask a staff member or leader before scanning, and check whether the code appears to be a sticker placed over an original printed code. When in doubt, confirm the institution's donation details directly rather than relying on the code alone.
How can institutions help prevent this scam among their congregation?
Publicly announcing and standardising official donation channels, and promptly alerting the congregation to any fraudulent appeals discovered, significantly reduces the scam's effectiveness before it spreads further.