Scammers impersonate your executive director, redirect your grant disbursements, and phish the donor database — because nonprofits combine real money with part-time defenses. ScamDrill gives your staff and volunteers the practice to shut that down.
Transparent pricing on the organizations page · cancel anytime
Trust is your operating model. Scammers borrow it.
"It's [your ED] — I'm in a meeting, need gift cards for donors today, keep it quiet." It's the most common nonprofit scam because small, mission-driven teams act fast on a leader's ask.
Disbursement schedules are often public, and a single redirected payment can erase a program's budget for the year.
Your attack surface includes people who work two hours a week. Everyone with access to email, donor records, or payments needs the same instincts.
No IT department required, no enterprise procurement, no per-module pricing.
ED impersonations, fake donation receipts, grant-portal phishing, and vendor invoice swaps — over email and SMS.
Anyone with an email address or phone number can be a learner — including board members and weekend volunteers.
A missed drill becomes a private 60-second lesson, not a public shaming. That tone fits teams built on goodwill.
Show your board and funders that the organization practices what its data stewardship policy preaches.
Campaigns run on a schedule. One development or ops person can own the whole program.
Monthly plans on the website with a 30-day free trial — easy to budget and easy to justify.
A breach doesn't just cost money — it costs the confidence every future ask depends on.
Names, giving histories, and payment details make donor databases a real target. Training the people who touch them is the cheapest meaningful control.
Grant applications and audits increasingly ask about data-security practices. Exportable training records turn "we're careful" into documentation.
Most teams send their first simulation the same day they sign up.
Self-serve signup with a 30-day free trial — no sales process.
Email invites or CSV. Group by program, office, or role.
Drills spread across months, timed around campaigns and events.
One chart: clicks down, reports up, training complete.
Five-person teams are exactly who the ED gift-card scam targets, because one busy person approves everything. The free trial costs nothing, and setup for a team that size takes minutes.
Yes. Anyone with an email address (or, with their consent, a phone number) can be a learner. Many nonprofits include the board — they're impersonated most.
It's framed as practice, not testing: lessons are private, the tone is coaching, and group reports focus on trends. Most teams end up competing for the best reporting rate.
Plans are published on the organizations page and sized by team, so small organizations pay small-team prices. Questions about a fit for your budget? Get in touch.
Very little, on purpose: names and contact details for learners, drill results, and nothing else. We never sell data. Details on the security & trust page.
Start the free trial and give everyone who touches the mission a chance to practice.