How to protect your charity from common frauds

Sep 15, 2016

Guest blog from Mia Campbell, Manager at Fraud Advisory Panel, on how to protect your charity from common frauds.

With the latest official statistics revealing that fraud and computer misuse are now the most common crimes in the country, it is vital for charities of all kinds to have strong defences to protect their people, income and assets.

Having a good general awareness of current scams and how they might affect your charity is an important first step toward prevention. Here are three common scams and some simple measures to help prevent them.

Invoice fraud

A fraudster pretends to be a genuine supplier (or service provider) and asks you to change their bank account details so that future payments are diverted.

  • Make sure that invoices match your records and purchase orders before authorising payment. Carefully review the bank account details, amounts being claimed, and description of the goods or services provided.
  • Confirm ‘change of account’ requests with suppliers using contact details you know to be genuine.
  • Inform suppliers when a payment has been made.

Online banking fraud and malware

A fraudster impersonates your bank (by email, phone or text message) and claims that there has been suspicious activity on your account or that your password needs to be verified/updated. This is an attempt to obtain your personal and security information so that the fraudster can plunder your account.

Last year there were over 16,000 phishing websites trying to trick bank customers into disclosing their details, and banking malware now accounts for just over 40 percent of recorded malware infections. Always be wary of unsolicited emails containing links or attachments.

  • Never give anyone your full bank login details by email or over the phone. Regularly change your login passwords and don’t allow staff to share them.
  • Implement good IT security practice and educate your staff about how to stay safe online. The Government’s Cyber Essentials scheme and Get Safe Online can help you to do this.
  • Use dual authorisation and apply payment limits to your accounts.
  • Check your bank statements regularly and carefully. Report any suspicious transactions to your bank immediately.

CEO fraud

A fraudster poses as the chief executive (or chief financial officer) by email and asks staff to make an ‘urgent’ bank transfer or send confidential customer, donor or membership information. The attack is carried out using an email address that has been compromised.

The easiest way to prevent this fraud is to tell staff that such requests will never be legitimately made by email or phone at short notice.

  • Clearly communicate your policy on how financial transactions are requested, approved and verified.
  • Encourage staff to be sceptical of urgent and confidential requests for money and data and to seek independent confirmation before acting upon them. It is very easy for fraudsters to set up lookalike email addresses.
  • Be aware of the dangers of sharing too much online. This information is often used by fraudsters to sound more convincing.

Preventing common forms of charity fraud will be considered as part of the second national conference on ‘tackling fraud in the charity sector’ jointly hosted by the anti-fraud charity Fraud Advisory Panel and the Charity Commission on Friday 28 October in London. For more information, visit