Cookie Control

This site uses cookies to store information on your computer. Some of these cookies are essential to make our site work and others help us to improve by giving us some insight into how the site is being used.

Some cookies on this site are essential, and the site won't work as expected without them. These cookies are set when you submit a form, login or interact with the site by doing something that goes beyond clicking on simple links.

We also use some non-essential cookies to anonymously track visitors or enhance your experience of the site. If you're not happy with this, we won't set these cookies but some nice features of the site may be unavailable.

(One cookie will be set to store your preference)
(Ticking this sets a cookie to hide this popup if you then hit close. This will not store any personal information)

About this tool

About Cookie Control

Alert for charities – fraudsters impersonating staff

Data security fraud
Image Credit: 
Pixabay
10 December, 2019

 

 

The Charity Commission has received several reports from charities who have been targeted by fraudsters impersonating members of staff, specifically attempting to change employees’ bank details. In all these cases the request was made through an email.

What to look out for

Requests to your HR department, finance department or staff with authority to update employees bank details, usually from a spoofed or similar email address to that of the subject being impersonated.

With a strong social engineering element, the fraudster often states that they have changed their bank details or opened a new bank account.

Protection and prevention advice

  • Review internal procedures regarding how employee details are amended and approved, especially those in relation to verifying validity
  • If an email is unexpected or unusual do not click on the links or open the attachments
  • Email addresses can be spoofed to appear as though an email is from someone you know. Check email addresses and telephone numbers when changes are requested. If in doubt request clarification from an alternatively sourced email address or phone number

 

Sensitive information you post publicly, or dispose of incorrectly, can be used by fraudsters to perpetrate fraud against you. The more information they have about your charity and employees, the more convincingly they can appear to be one of your legitimate employees. Always shred confidential documents before throwing them away.

The Charity Commission issued an alert in May 2019 that provides information and advice to charity trustees about cyber crime and has released guidance on how to report it.

Reporting fraud

If your organisation has fallen victim to this type of fraud, or any other type of fraud, you should report it to Action Fraud.

Charities affected by fraud should also report it to the Charity Commission as a serious incident. Where appropriate, the Charity Commission can also provide timely advice and guidance.

Core Category: