Ripples of a Click — The Anatomy of Deception

Welcome to this edition of the Click and Pledge's Fundraising Command Center Podcast where we talk the why, the what, and the how in the Click and Pledge's ecosystem. This is the why series.

So imagine this, You're sitting at home. Right?

Yeah.

And you think you're donating, say, a $100 to save a local animal shelter. You click a button, you feel good about yourself, and you just move on with your day.

Right. Like we all do.

Exactly. But, what if I told you that $15 of that donation actually just went to a Silicon Valley tech giant simply because you couldn't find a hidden button?

Wait. A hidden button?

Yeah. And what if the remaining $85 didn't even go to the animal shelter at all? What if it got permanently diverted to an entirely different charity without your permission?

I mean, honestly, that sounds like a scam you'd read about in my spam folder, like some shady overseas hacker operation.

Right. It does. But we aren't talking about shadow hackers today. We're actually talking about some of the most recognized, beloved household names in the tech and nonprofit sectors.

Wow. Okay. Yeah. Because, you know, when someone steals your parking spot or a coffee shop blatantly overcharges you for an iced latte, we instantly complain, we say oh that's fraud!'

Yeah we throw that word around a lot.

We do, we throw it around casually because it captures that feeling of being cheated, right? But in the world of fundraising technology fraud isn't a feeling, it is a very precise, very strict legal framework.

It absolutely is.

So today we are going on a forensic deep dive into the dark side of non profit fundraising platforms. We are going to tear down the actual architecture of deception to understand the strategy, the philosophy and the reasoning behind how certain platforms operate.

Yeah, we really have to get into the mechanics of it.

Exactly. Because our mission today is to show you, the listener, exactly why platform architecture matters so much and why at Click and Pledge, we designed our ecosystem completely differently.

And to do that, we have to look at the objective legal reality of how these platforms behave. Like, we have to strip away the marketing and the emotional branding.

Right. Ignore the slick websites.

Exactly. We have to look at the actual blueprints because if we step away from the casual everyday use of the word fraud, lawyers and regulators actually look for five very specific rigorous triggers.

The legal test.

Yeah. A five part test to determine if a system is fundamentally deceptive.

Okay. So it's not just a bad vibe. There's a literal checklist and instead of, you know, reading a textbook definition, let's just break down those five triggers conversationally because I know they're going to come up again and again in our deep dive today.

Definitely. So first there has to be a significant lie in legal terms, a misrepresentation of a material fact.

Right, so like selling someone a car that you don't actually own.

Perfect example. Second, the company has to actually know it's a lie. It can't be a typo or an accounting glitch. It's intentional knowledge of the falsehood.

Okay, so deliberate lie. Got it.

And that leads directly to the third trigger which is intent to deceive. The system was specifically designed to trick the user.

So it's baked into the strategy. What's the fourth?

Fourth is reliance. The victim has to actually believe the lie and you know make a financial decision based on it. They have to trust the platform.

Right, hand over their credit card.

Exactly. And finally the fifth trigger is injury. Real, measurable, financial or operational damage has to occur.

So the lie, the knowledge, the intent, the trust, and the damage. You need all five.

All five. That's the standard.

So if that is the strict legal standard, here's the really big question: How do massive tech platforms that are supposedly built for social good end up hitting every single one of those triggers?

That's a great question and it's not theoretical.

Right. So let's take our first real world case study. We're going look at the collapse of a platform called Flip Cause. And just for some context for you listening, Flip Cause was an Oakland based tech company. They heavily marketed themselves as this ultimate all in one fundraising backbone for thousands of small nonprofits.

Yeah. And their primary marketing pitch was this massive, neon flashing promise. They explicitly told these small charities, your money and your data always belong to you.

That sounds like a pretty solid promise.

It was a great hook. But the underlying technological architecture told a completely different story. Story. And this is where we hit that very first trigger.

The lie.

The lie. Exactly. Because Flip Cause did not operate as a direct payment conduit. They operated as a payment aggregator.

Okay. Let's pause here because I want to make sure we truly understand the mechanics. Most people, you know, they don't know the difference between an aggregator and a direct merchant account.

Oh, absolutely. It sounds like boring banking jargon.

It really does. But this structural difference is the entire ballgame, isn't it? Like, can you walk us through physically how the money moves in both scenarios?

Yeah. It is the absolute core of the issue. Let's start with a true merchant account. This is the architecture we recommend, and it is exactly how our platform at Click and Pledge is built.

Right. The right way to do it.

Exactly. In a true merchant account system, the money moves from the donor's credit card through the payment processor and directly into the charity's own dedicated bank account.

So, it's a straight line?

A straight line. It takes about two to three business days to clear. The platform meaning us, we never actually touch the funds, we just provide the secure software pipe for the money to travel through.

Got it. It's like a direct flight, no layovers.

Precisely.

Yeah.

Now, let's look at an aggregator like Flip Cause. They intercept that flow. When a donor gives money, it doesn't go to the charity.

Where does it go?

It goes into a massive centralized corporate bank account completely controlled by Flip Cause. They take everyone's donations from thousands of different charities and dump them into one giant bucket.

Wow.

And instead of releasing that money in two days, Flip Cause routinely delayed disbursements for seven to fifteen days.

Wait, up to over two weeks? Yeah.

So going back to their marketing promise that your money belongs to you, that was a material misrepresentation. Flip cause controlled the timeline and they controlled the custody.

It's essentially like my employer giving my monthly paycheck to some random guy standing on the street corner.

Right.

And that guy says, Hey, don't worry. It's your money, but I'm just going to hold onto it in my personal checking account for a couple of weeks before I give it to you. I mean, would never agree to that.

No one would if it was explained that way.

But why would a platform intentionally design a system to hold onto other people's money for weeks. It seems like an absolute customer service nightmare. Like charities would be constantly calling them.

It is a customer service nightmare, but it is a brilliant financial extraction strategy. And this is where we see the second and third triggers.

Knowledge and intent.

Exactly. The knowledge and the intent to deceive. Flip Cause knew exactly what they were doing because of a banking mechanism known as the float.

The float. Okay. Unpack that for us because I hear that term in finance a lot. How does the float actually generate revenue for them?

Think about the sheer volume of cash. If you are aggregating donations for, say, 3,000 nonprofits, you aren't just holding a few $100.

Right. You're holding millions.

You are holding millions and millions of dollars at any given time. And when a corporate entity holds that much cash in their accounts for one to two weeks, that money doesn't just sit there doing nothing.

Oh, it earns interest.

It earns interest. The aggregator model is structurally designed to capture that float. They collect massive amounts of interest on the nonprofit's money.

While the charities themselves are just waiting.

Waiting. Forced to wait weeks to pay their rent or fund their programs, they built a system designed to treat donor goodwill as an interest free loan for their own corporate benefit.

So, they are quietly skimming the interest off the top before passing the principal along. That is incredibly insidious.

It really is.

But you know, with Flip Cause, it wasn't just about skimming interest, was it? The extraction went a lot deeper than that, which brings us to the actual injury part of the legal test.

It did. The entire aggregator house of cards eventually collapsed, and we know from the actual court documents what happened behind the scenes. Well, while over 3,200 non profits were actively relying on this system, which, by the way, hits our fourth trigger, Reliance.

Right. They trusted the platform, they directed their donors there.

Exactly. But the money wasn't just sitting in a holding account. Flip Cause executives and related entities actually extracted approximately $3,800,000 from the company for themselves.

Wait. Let me make sure I'm hearing this right. They pulled $3,800,000 out for themselves while actively freezing the payouts to the actual charities.

Yes. They continued to accept brand new donations from the public, knowing full well they were failing to transfer the older existing funds to the charities.

That is wild.

They knew the money wasn't flowing out, but they kept the intake valves wide open.

Which brings us to the final trigger, the crushing measurable injury. What happened when the music finally stopped?

When Flip Cause finally declared bankruptcy, the numbers were just staggering. They had a mere $70,000 left in their bank account.

70,000? That's nothing.

It's nothing. But they legally owed $29,000,000 to those 3,200 small charities. Oh my god. 29,000,000.

Yes. The injury wasn't just a bad quarter on a spreadsheet. We are talking about severe staff layoffs, cancelled community programs, and local charities completely shutting their doors.

All because their lifeblood just vanished into the aggregator's central pot.

Exactly.

That is a profound structural failure of custody. It proves exactly why relying on an aggregator is a massive systemic red flag.

It's a huge risk.

But, you know, as devastating as that is, it's ultimately a story about a middleman fumbling the bag once they already had the money.

I want to transition to our second case study now because this one takes the deception to an entirely different level.

It really does.

We are talking about platforms that hijack a charity's actual identity before they even see the money.

Yeah, the scale of extraction evolves with the technology, it gets much more sophisticated.

Now I have to push back here for a second before we dive in. Yeah. Because the Flip Cause story makes sense, they were a B2B company mostly operating in the background. But our next case study is GoFundMe. And GoFundMe is massive.

It is a household name, like my neighbor used it to pay for emergency vet bills, people use it to rebuild after hurricanes. It has this incredible brand halo of being the ultimate platform for human generosity.

Absolutely. Everyone knows them.

Are you seriously suggesting that a company that beloved is hitting the exact same legal triggers for deceptive practices?

I completely understand the skepticism because, you know, their public relations branding is incredibly strong, but we aren't looking at their PR today.

Right. The blueprints.

We are looking at their engineering and the objective legal reality of their operations, specifically surrounding the bombshell revelations from October 2025.

Okay. Lay it out for us.

When you apply the exact same five part test to GoFundMe, the architecture of deception is undeniable. And it starts with what we call identity plagiarism.

Identity plagiarism. Okay. Explain how that works mechanically. Because we aren't talking about them spinning up a dozen fake pages by accident. Accident.

No. This was industrialized on a massive scale. It was entirely programmatic. Reports revealed that GoFundMe quietly created approximately 1,400,000 individual donation pages for registered US nonprofits. Nonprofits.

1,400,000.

Yes. And they didn't ask a single one of those charities for permission.

Wait, how do you even build 1,400,000 web pages without the organizations knowing? Like, where do they even get the data?

They scraped it. Every registered nonprofit has public data filed with the IRS, their name, their employer identification number or EIN, and their physical address.

Right. Public record.

Exactly. GoFundMe wrote scripts to automatically pull that massive database and auto generate 1,400,000 live web pages. They slapped the non profit's actual names, their government EINs, and in some cases their specific logos and mission statements right onto GoFundMe hosted URLs.

Wow. So to a normal donor who just searches for a charity on their phone, they land on this page, they see the charity's exact name and official tax ID, and they assume, great. This is the official donation portal. Yeah. That is a massive material misrepresentation.

They're literally wearing the charity's face.

Exactly. GoFundMe acted as a digital chameleon and we know this wasn't an accident of like a rogue algorithm.

Right. Which brings us to the second trigger. Knowledge. Knowledge. They engineered this intentionally and we know this because GoFundMe actually owns and operates a subsidiary called Classy.

Oh really?

Yeah and Classy is a true consent based fundraising platform so GoFundMe knows exactly what it looks like to properly onboard a charity, verify their banking, and get authorization to raise money.

Oh that's damning.

It is. For these 1,400,000 pages, they intentionally chose to bypass consent entirely.

Okay, so they intercepted the donor. But what actually happens to the money? If the charity didn't set up the page, they obviously didn't connect their bank account to it. So where does the cash physically go when I hit donate?

This is where we get into what we call the reallocation reality. When you donate through one of these scraped unauthorized pages, your money does not go to the charity.

It does. No. It goes into a third party holding tank. Specifically, the PayPal Giving Fund.

Okay. So it just sits there.

It sits there. GoFundMe then sends an email to the actual charity who again had absolutely no idea this page even existed saying essentially, Hey, we have money for you.

Oh, I see where this is going.

You just need to create an official GoFundMe account, agree to all our terms of service and claim it.

That feels like digital extortion. Like, we took your donors money using your name, now sign our contract if you ever want to see it. It forces their hand. But what if the charity ignores the email? Or what if it goes to a spam folder, which happens all the time?

What happens to the money sitting in that PayPal holding tank?

This is the craziest part. If the funds remain unclaimed for a certain period of time, the terms of the holding tank dictate that the money can be reallocated to completely different charities entirely.

You are kidding me.

I'm not.

So I could donate $50 thinking it's going to my local animal shelter, and because they didn't sign GoFundMe's arbitrary contract, my money gets sent to a national theater group three states away.

Yes.

That completely hijacks the donor's original intent.

It absolutely does. But hijacking the intent is really only a byproduct of the system. Yep. The real reason they built 1,400,000 fake pages brings us to the third legal trigger, the intent to extract.

Okay. Explain that.

They built this vast unauthorized infrastructure to extract cash directly from the donor through default tipping.

Oh, the tipping mechanism. This is fascinating. Break down the user interface of this because I know it is engineered perfectly to trick people.

It is. When a donor landed on one of these scraped pages and entered their donation amount, the platform automatically embedded a default tip for GoFundMe itself.

A tip for the platform?

Yes. And reports showed this tip was set aggressively high, usually between 1416.5% of the total donation amount.

That's huge.

And I wanna be really clear here. This tip was on top of the standard credit card processing fees.

It reminds me of the modern tipping culture we all joke about now. You go to a self checkout kiosk at the airport, you grab a bottle of water, you do all the scanning yourself, and the machine flips around asking for a 20% tip.

Exactly.

But, know, at least at the airport, the no tip button is right there on the screen. How did GoFundMe handle the opt out?

They weaponized the user interface. They designed the checkout flow so the 15% tip was turned on by default, and they made it incredibly counterintuitive to remove it.

How so?

Donors were forced to actively hunt for a hidden tiny drop down menu, manually select the word other, and then physically type in a zero just to avoid paying Go Fund Me a massive premium.

Wow.

They relied on donor friction and fatigue to guarantee their extraction.

Which perfectly illustrates the fourth trigger, reliance. The donors relied on the visual cues, they saw the charity's name, they assumed the platform was just a neutral conduit, and they gave their money in good faith.

Yes, they trusted the page.

They ended up paying unnecessary fees under the absolute illusion of direct support. But let's talk about the final trigger, the actual injury to the non profits because it's not just about the donor losing 15%, is it?

No. It's much worse for the organization.

You call this the structural bypass. How does that mechanism actually damage the sector?

The structural bypass is where technological architecture becomes a literal weapon against the charities themselves. GoFundMe took these 1,400,000 unauthorized pages and ensured that search engine optimization or SEO was turned on by default.

Okay. For the non technical listeners, explain what that means in practice.

In SEO, there is a concept called domain authority. Because GoFundMe is a massive, highly trafficked website, Google trusts it immensely.

Right.

So imagine a donor goes to Google and types in, donate to the Springfield Animal Rescue. Because of GoFundMe's massive domain authority, their unauthorized scraped fake page will often rank higher in the Google search results than the Springfield Animal Rescue's actual official legitimate website.

Oh wow. So they are literally intercepting the web traffic before the donor even gets to the charity's front door. Yes.

They hijack the search intent.

It's the digital equivalent of setting up a fake charity booth right on the sidewalk outside the real charity's office.

Exactly.

You catch everyone walking by, take a 16% cut from their wallets, throw the rest in a locked box, and tell the real charity they can have the box later if they sign a contract.

That is the exact physical equivalent of what they did digitally. And the injury happens on two distinct fronts. Here.

Okay. What's the first front?

First, the nonprofit is completely bypassed. They lose control of their brand messaging, they lose the direct relationship with the donor, and perhaps most importantly, they lose the vital donor data.

The emails, the contact info.

Exactly. The data they need to build a long term relationship is just gone.

And what is the second front of the injury?

The second front injures the secure technology partners that the nonprofit actually hired.

Like us?

Right. When an organization partners with a platform like ours at Click and Pledge to securely process their payments and manage their campaigns, we provide the vital infrastructure they need. Yeah. But when GoFundMe intercepts that donor on Google, they capture that 15% tip for themselves and they starve the legitimate tech infrastructure of the revenue required to maintain secure functioning systems for the entire sector.

Creates a toxic environment.

It creates a system where extraction is incentivized over actual service.

That is maddening. But here's the thing, you can't run an extraction operation on that scale forever without regulators catching on.

No, you really can't.

We don't even have to sit here and debate whether this crosses an ethical line because the legal system has already stepped in. Let's talk about the fallout.

Shifting to a purely objective, analytical view of the legal landscape. The regulators did exactly what you would expect. In March 2026, a bipartisan coalition of 22 state attorneys general issued a formal scathing demand letter to GoFundMe.

22 states. That is massive bipartisan agreement. What did the letter say?

They didn't mince words at all. The attorneys general explicitly called these scraped pages plagiarized.

Wow. Plagiarized.

Yes. They cited severe violations of state consumer protection laws pointing directly to the exact deceptive practices we just analyzed, the unauthorized use of names, the hidden default tips, and the misleading of donor intent.

And it didn't just stop at a warning letter, did it?

No, it escalated into actual prosecution. Shortly after that letter, the Alaska Attorney General officially filed a lawsuit against both Go Fund Me and PayPal.

A full lawsuit?

Yes. The core of the lawsuit is the allegation that these platforms were impersonating nonprofits' identities and actively deceiving donors. They are actively prosecuting these platforms for deceptive trade practices in a court of law.

So what does all of this mean for you, the listener? Whether you are a donor, a nonprofit director, or just someone interested in technology, this is exactly why we say architecture is philosophy.

It really is.

The way a system is built dictates how it behaves. The code itself reveals the company's true intent.

Exactly. You cannot build a system designed to aggregate and withhold funds or scrape databases to create unauthorized portals and then claim you are prioritizing the charity. The architecture prohibits it.

And that is why at Click and Pledge, our system is purposefully designed from the ground up to make these specific risks structurally impossible.

Yeah, we built it differently.

We really did. When an organization uses our platform, we recommend they create their own direct Stripe account. It is in their name. It is directly connected to their local bank.

Right.

The money moves directly from the donor to the charity. We never touch a penny of your donor's money, meaning there's no float to capture. We never scrape public data to build unauthorized pages without permission. And we absolutely never add default tips to extract money from your supporters. Never.

Our model does not depend on a single one of the deceptive practices we just analyzed today. That isn't an accident. That is entirely by design.

It is the fundamental difference between building a platform to empower an organization versus building a platform to exploit one.

Perfectly said. And this is the core lesson we want you to take away today. When you rely on an aggregator or when you allow a third party middleman to insert themselves between you and your supporters, you aren't just giving up a transaction fee. You are surrendering control of your donor's intent. You are handing over the keys to your financial custody and you are allowing your organizational identity to be weaponized against you.

Which leaves us with a critical and honestly somewhat unsettling question to consider as we wrap up this deep dive.

What's that?

If these massive household name platforms built their entire empires on extraction, capturing the float, and identity plagiarism Yeah. What other silent middlemen are sitting between your donors goodwill and your actual cause? Are data brokers quietly selling your donor lists?

Oh, that's a scary thought.

Are social media ad networks intercepting your campaigns and throttling your reach unless you pay a premium? The architecture of deception doesn't stop at the payment processor.

It definitely doesn't. And that is exactly why we do these deep dives. For more information about this and all Click and Pledge products, make sure to visit clickandpledge.com and request for a one on one training or demo. Whether you are a client or curious about our platform, just ask us and we will gladly get together with you to chat.

We'd love to connect.

Don't forget to subscribe to this podcast to stay up to date with all the latest and greatest features of the Click and Pledge Fundraising Command Center.