The Charity Commission has issued an alert to charities warning of fraudsters targeting the sector.*
The Commission said it has received a number of reports from charities who have been targeted by fraudsters impersonating members of staff, specifically attempting to change employees’ bank details. In all these cases the request was made through an email.
It is advising charities to look out for signs of fraud, including requests to HR departments, finance departments or staff with authority to update employees’ bank details, usually from a spoofed or similar email address to that of the subject being impersonated.
The Commission warned that fraudsters often state they have changed their bank details or opened new bank accounts.
The alert offers protection and prevention advice, suggesting charities should review their procedures for amending and approving employee details, particularly in relation to verifying if such requests are genuine. In addition, if an email is unexpected or unusual, then links or attachments should not be clicked.
It warns that email addresses can be spoofed to appear as though an email is from someone you know so it is important to check email addresses and telephone numbers when changes are requested and if in doubt, request clarification from an alternatively sourced email address or phone number.
The Commission said charities should always shred confidential documents before throwing them away and warned that fraudsters can use sensitive information that has been posted publicly on the internet to attempt to carry out a fraud.
Alan Bryce, head of development, counter fraud and cyber crime at the Commission, said: “We know several charities have been targeted by this fraud and we want to ensure others are equipped to protect themselves.
“So our message to charities is clear: read and understand our guidance on fraud, and check who’s sending an email whenever you receive a message about changes to staff bank details.”
For further information please contact a member of our team below.