News story

Keep your charity safe - watch out for phishing scams

This alert is being issued because of increasing reports of phishing scams. We are urging charities to be vigilant and protect themselves from harm.

Phishing is when fraudsters attempt to hoax users and get hold of sensitive information such as:

  • usernames
  • passwords
  • credit card details

They do this through electronic communication like email, pop-up message, phone call or text message.

Action Fraud get around 8,000 reports of phishing each month, which shows the scale of these scams.

Charities, like any other organisation, can be at risk and we are urging trustees to be vigilant.

It’s important to consider how to protect your charity from harm online. You can read detailed advice from government on improving cyber security. You can also find out how to become accredited under the Cyber Essentials Scheme.

If you think your charity has been affected by a phishing scam, whether it was prevented or not, report it to Action Fraud through their website or call them on 0300 123 2040.

If your charity has fallen victim to a phishing scam and lost sensitive data or valuable funds, you need to report it to us as a serious incident.

You can take this preventative action now:

  • make sure charity software has up-to-date virus protection (though it will not always prevent you from becoming infected)
  • don’t click on links or open any attachments you receive in unsolicited emails or SMS messages. Fraudsters can ‘spoof’ an email address to make it look like it’s from a trusted source. If you’re unsure, check the email header to identify the true source of communication. Information on how to find email headers is available on the MX Toolbox website
  • always install software updates as soon as they become available, they will often include fixes for critical security vulnerabilities
  • if your current software does not offer an ‘anti-spyware’ function, consider installing software which does, it can detect key loggers
  • make regular backups of your important files to an external hard drive, memory stick or online storage provider. But, it’s important that the device you back up to is not left connected to your computer, as a malware infection could spread to that too
  • if you suspect your bank details have been accessed, you should contact your bank immediately

The Charity Commission (independent regulator of charities in England and Wales) has issued this alert to charities as regulatory advice under section 15(2) of the Charities Act 2011.

Published 16 October 2017