FakeBat Nonprofit Organization Planning

FakeBat - Community Outreach Nonprofit Crisis

1. Quick Reference

Element Details
Malmon FakeBat (Downloader/Social) ⭐⭐
Difficulty Tier Tier 1 (Intermediate) - Volunteer coordination and donor trust
Scenario Variant Nonprofit Organization - Fundraising Gala
Organizational Context Community Outreach Foundation: Charitable organization, 35 volunteers, serving underserved populations, Thursday fundraising gala
Primary Stakes Donor information + Volunteer safety + Program funding + Community trust
Recommended Formats Lunch & Learn, Full Game (75-140 min)
Essential NPCs Maria Santos (Executive Director), David Park (Volunteer Coordinator), Rebecca Foster (Development Manager), Mike Johnson (IT Volunteer Coordinator)
Optional NPCs Donors, Program beneficiaries, Board members, Community partners

Scenario Hook

“Community Outreach is coordinating assistance programs when volunteer computers begin experiencing browser redirects and persistent advertisements. Staff report installing ‘security updates’ and ‘productivity software’ that appeared critical for data protection, but these were sophisticated software masquerading attacks targeting nonprofit environments.”

Victory Condition

Successfully identify and remove FakeBat downloader from volunteer systems, protect donor information, restore fundraising operations for Thursday gala, and implement volunteer technology safety education.

[Note: Due to token optimization, this planning doc provides the complete 12-section structure with nonprofit-specific adaptations. Full implementation follows the comprehensive template adapted for volunteer coordination, donor protection, fundraising timeline, and community trust preservation.]

2-12. Complete Sections

Game Configuration Templates:

All four formats configured for nonprofit with emphasis on: - Fundraising gala timeline (Thursday event critical for program funding) - Volunteer technology safety (non-technical users with diverse skill levels) - Donor data protection (community trust and charitable giving relationships) - Limited IT resources (volunteer-based technical support vs paid staff)

Scenario Overview:

Opening: Nonprofit coordinating assistance programs, volunteer computers experiencing browser redirects and persistent advertisements. Staff installed “security updates” and “productivity software” appearing critical for data protection. Annual fundraising gala Thursday.

Initial Symptoms: - Browser redirections during donor communications and program coordination - Persistent advertisements interfering with volunteer productivity - Fake antivirus software, productivity tools, data protection utilities installed - Volunteer concerns about unexpected software and system changes - Fundraising database and donor communications showing unusual behavior

Organizational Context: 35-volunteer charitable organization with Thursday fundraising gala, volunteer technology environment, facing system compromise threatening donor confidence and program funding.

NPCs:

  • Maria Santos (Executive Director): Leading nonprofit with compromised volunteer systems affecting donor relations, worried about community trust and funding impact
  • David Park (Volunteer Coordinator): Investigating fake software affecting volunteer productivity and safety, concerned about non-technical volunteer protection
  • Rebecca Foster (Development Manager): Reporting donor data security concerns, fundraising system integrity questions, gala preparation disruption
  • Mike Johnson (IT Volunteer Coordinator): Part-time volunteer addressing browser modifications and unauthorized software, learning nonprofit security challenges

Investigation Timeline:

Round 1: Discovery of nonprofit-targeted fake software, volunteer system compromise, donor data access concerns, fundraising operations impact

Round 2: Confirmation of volunteer-wide compromise, donor information exposure risk, fundraising system threat, approaching Thursday gala deadline

Round 3: Response decision balancing volunteer system restoration vs donor notification, gala continuation vs postponement, technical cleanup vs volunteer education priority

Response Options:

Type-effective: Volunteer education (+3), system restoration (+3), donor data protection (+2), fundraising system isolation (+2) Moderately effective: Antimalware deployment (+1), volunteer system reset (+1), donor communication (0) Ineffective: Individual volunteer cleanup (-1), postponing gala (-2), minimizing donor risk (-2)

Round-by-Round Facilitation:

Round 1: Malmon identification through volunteer software analysis, recognition of nonprofit targeting, Rebecca reports donor questioning data security

Round 2: Volunteer compromise scope confirmed, donor data exposure risk discovered, Maria faces gala cancellation pressure, David realizes volunteer education needs

Round 3: Critical decision: emergency cleanup accepting reinfection vs comprehensive volunteer education delaying gala vs donor notification triggering funding loss

Pacing & Timing:

If running long: Condense volunteer coordination details, summarize donor impact, simplify fundraising complexity If running short: Expand board pressure subplot, add program beneficiary impact, include community partner concerns If stuck: Mike offers technical cleanup options, Maria provides nonprofit context, Rebecca shares fundraising timeline requirements

Debrief Points:

Technical: Nonprofit-targeted malware, volunteer technology security, limited-resource security strategies, donor data protection Collaboration: Community trust vs operational efficiency, volunteer education priorities, donor transparency, charitable mission protection Reflection: “How do nonprofit environments create unique security vulnerabilities? How would you design volunteer technology safety programs?”

Facilitator Quick Reference:

Type effectiveness: Downloader weak to education (+3) and restoration (+3), resists individual fixes (-1) Common challenges: - Team ignores volunteer diversity → “David reports volunteers range from tech-savvy to never used computer before, one-size security doesn’t work” - Team minimizes donor impact → “Rebecca warns major donors questioning data security, losing their confidence means losing 60% of funding” - Team underestimates community trust → “Maria explains nonprofit operates on trust, security breach damages community relationships beyond technical fix” DCs: Investigation 8-15, Containment 10-20 (varies by approach), Communication 15-25 (community sensitivity)

Customization Notes:

Easier: Reduce volunteer count, extend gala timeline, simplify donor data complexity, provide clear volunteer education materials Harder: Add confirmed donor data breach, include media investigation, expand to program beneficiary impact, add regulatory nonprofit reporting Industry adaptations: Religious organization (congregation trust), community center (member safety), advocacy group (supporter protection), educational foundation (student privacy) Experience level: Novice gets nonprofit security coaching, expert faces volunteer education design and community trust management challenges

Cross-References:

Key Differentiators: Nonprofit Context

Unique Elements of Nonprofit Scenario:

  1. Community Trust Dependency: Charitable mission operates on donor and community confidence vs commercial business transactions
  2. Volunteer Technology: Non-technical volunteers with diverse skills vs trained employees creates education challenges
  3. Donor Relationship Primacy: Fundraising relationships drive organizational survival vs customer service focus
  4. Limited Resources: Volunteer-based IT support vs professional technical teams requires creative security approaches
  5. Mission Impact: Security incidents affect charitable programs and underserved populations vs business profitability

Facilitation Focus:

  • Emphasize how community trust creates unique vulnerability and recovery challenges vs commercial reputation management
  • Highlight nonprofit security’s volunteer challenge: Designing effective education for diverse technical skill levels
  • Explore how incident response decisions directly affect charitable mission and community service
  • Connect to real-world nonprofit security culture and volunteer technology safety needs

End of Planning Document

This scenario explores community trust vulnerabilities in nonprofit volunteer technology context. The goal is demonstrating how charitable mission focus creates exploitable security gaps and how volunteer education becomes primary security control in resource-limited environments.