Guidance

Protect your charity from fraud and cyber crime

Information about fraud and cyber crime, how to spot it and what you can do to protect against it.

Applies to England and Wales

How to report fraud or cyber crime

If your charity has been the victim of fraud or cyber crime, it’s important to report it to the relevant authorities. Reporting can help you access essential advice to get your charity back on track, but will also build a clearer picture of the scale of fraud affecting the wider sector.

Action Fraud is a national reporting centre specifically for reporting frauds and has an online reporting service, available 24 hours a day.

For essential advice on why, what and how to report fraud or cyber crime incidents to the Charity Commission, read our guidance how to report a serious incident in your charity.

Top tips for responding to fraud when things go wrong

  • if in doubt, take action and report it
  • act quickly. This will minimise harm done and maximise your legal options
  • do not panic, stay calm and follow procedure (wherever you can)
  • find out in advance who needs to be informed (both inside and outside the charity)
  • have a ‘fraud response plan’ ready so that everyone knows what to do and when
  • take steps to preserve evidence. You may need this for investigative or legal proceedings
  • seek professional legal advice, especially if you think you might take action in the civil courts

The Preventing Charity Fraud website has information on how to prevent, detect and respond to different types of fraud and cybercrime.

How to protect against different types of fraud

Fraud is a serious problem that you can’t afford to ignore. But even small changes can help towards protecting charities from harm.

It’s important to be more fraud-aware, identifying the ways in which your charity could be at risk. For example, threats to your charity’s IT systems, data and funds. Use the advice and resources signposted on this guidance page to identify actions you can take.

Charity trustees have a duty to manage their charity’s resources responsibly and ensure that funds are protected, applied and accounted for.

It’s vital that all money given to charities is used for legitimate and lawful purposes.

Insider fraud

Fraud can come from internal sources (insider fraud), for example by employees and volunteers, or from external sources such as fake emails set up by hoaxers.

You can find out more about preventing insider fraud in this e-learning video on the Fraud Advisory Panel website.

We have also published a research report about insider fraud and how it is affecting charities. The report includes wider lessons, case studies and tips to help you prevent insider fraud.

Financial fraud

Fraud and financial crime is one of the most common types of abuse for charities.

Charity trustees can avoid basic mistakes and make sure their charity is well protected by:

Some charities, such as shops or trading outlets, have a higher risk of financial loss or falling victim to fraud, due to the nature of their activities.

If your charity relies upon cash-based fund raising, it may be more vulnerable to opportunist and organised fraudsters.

Charities should take a proactive approach to reducing fraud risk by following best practice advice and practical tips, such as those outlined in Charity Finance Group’s Countering Fraud Manual (PDF, 858 KB, 35 pages).

The Fraud Advisory Panel website has useful e-learning videos to help you prevent:

Other types of fraud

Find out about further forms of fraud with Action Fraud’s A to Z of fraud types.

Counter fraud best practice: templates for charity trustees

We have developed a range of best-practice templates for you to use when protecting your charity against fraud. All of the following can be adapted to suit the needs of your charity:

Counter fraud questions trustees should ask

Do we:

  • understand what fraud is and what our responsibilities are?
  • understand our financial systems and data, and what ‘normal’ looks like?
  • encourage staff and volunteers to voice concerns?
  • run process test checks and observe jobs in action?
  • promote fraud awareness and understanding?
  • conduct an annual fraud risk review?
  • conduct pre-employment screening and in-service checks on staff?
  • have regular and frank conversations with delivery partners?
  • have a response plan ready so that everyone knows what to do?
  • have an anti-fraud policy and code of ethics?

About cyber crime and reporting a live attack

The risks to your charity from cyber crime are increasing all the time. It’s a huge problem, which all organisations need to be aware of and guard against. The vast majority of fraud is now committed online.

Cyber crimes can be quite complex and difficult to detect, often involving data breaches or identity fraud. It’s important that you consider how best to protect your charity’s valuable assets from harm online.

The National Cyber Security Centre (NCSC) has produced an e-learning training package: ‘Stay Safe Online: top tips for staff’. It’s free, easy to use and takes less than 30 minutes to complete.

The training explains why cyber security is important and how attacks happen. It then covers 4 key areas:

  1. defending yourself against phishing
  2. using strong passwords
  3. securing your devices
  4. reporting incidents

The Cyber aware website has an online assessment tool so you can check how cyber secure your charity is.

You can learn more about protecting your charity against cyber fraud in this e-learning video on the Fraud advisory Panel website.

For more advice on guarding against cyber crime visit the following websites:

Taking a few simple actions today is a good start - you don’t need to be a technology expert to protect your charity.

Get help if experiencing a live cyber attack

Action Fraud has a 24/7 live cyber-attack helpline.

In the event of a live cyber-attack, this helpline gives access to specialist advisors who can offer advice and support to charities or other organisations in reporting the attack. These reports are immediately sent to the National Fraud Intelligence Bureau (NFIB).

To prevent cyber criminals from operating, the NFIB will then assess whether there are any websites, bank accounts or phone numbers that can be closed down. The reports are also sent to the relevant law enforcement agency for investigation if necessary.

Cyber security toolkit for charity boards

Charity boards have an important role in improving the cyber security of their organisations. The National Cyber Security Centre (NCSC) board toolkit has been designed for larger charities, to encourage essential discussions about cyber security between the board and wider staff or volunteer body.

Board members don’t need to be technical experts, but they should be able to have a fluent conversation with their experts and understand the right questions to ask.

The board toolkit covers a range of cyber security topics, starting with an introduction to cyber security specifically written for board members. Other topics include understanding the threat, collaborating with suppliers and partners, and planning a response to a cyber incident.

Each topic has straightforward guidance and helpful questions that board members can ask their technical teams. It can be adapted to fit a charity’s own unique cultures and priorities, and was created using genuine insights from boards about what they would like to know.

Organisations that help combat fraud in charities

The following organisations carry out vital work to help combat fraud in charities.

Many of these belong to the ‘Charities against Fraud’ coalition, which is a cross-sector group of nearly 50 organisations who work together to fight fraud in charities.

Police and crime prevention

Action Fraud

The National Fraud Intelligence Bureau (NFIB) sits alongside Action Fraud within the City of London Police, which is the national policing lead for fraud.

Sector organisations and initiatives

Fraud Advisory Panel

The Fraud Advisory Panel is an independent voice of the counter-fraud community. It champions best practice and works to improve fraud awareness, and build sector resilience.

Get Safe Online

Get Safe Online is a public/private sector partnership supported by HM Government and comprising leading organisations across banking, retail, internet security and other sectors. It provides factual and easy-to-understand information about online safety.

Credit Industry Fraud Avoidance Service (CIFAS)

CIFAS is a not-for-profit organisation working to protect businesses, charities, public bodies and individuals from financial crime.

Charity Finance Group

CFG champions best practice in financial management within the charity and voluntary sector. It provides guidance to its charity members and the wider sector at large on the best practice for countering fraud.

Government departments and agencies

National Cyber Security Centre (NCSC)

The NCSC is the official government lead on cyber security. Its stated mission is to make the UK the safest place to live and do business online. It has a division which is directly responsible for charities and the wider public.

HMRC

HM Revenue & Customs (HMRC) is responsible for administering the UK’s tax system, including the management and reduction of risks to tax revenue. HMRC’s compliance and enforcement work includes tax fraud (where the law has been broken) and tax avoidance (where rules of the tax system have been misused to gain a tax advantage, but not illegally).

National Trading Standards

NTS Scams team provides advice and guidance to charities to ensure that charities and their donors are protected from fraud.

Published 10 October 2016
Last updated 20 January 2023 + show all updates
  1. Updated page formatting and links to organisations and resources helping to protect against fraud and cyber crime.

  2. Dates for Charity Fraud Awareness Week 2022 added.

  3. Information on Fraud Awareness Week updated for 2021.

  4. Added 8 guiding principles for tackling charity fraud.

  5. Added a link to a new e-learning training package produced by the National Cyber Security Centre (NCSC). It is available in the 'About cyber crime and reporting a live attack' section.

  6. Added a new section about the cyber security toolkit for boards.

  7. Added a link to charity fraud awareness week helpsheets and e-learning videos.

  8. Updated the cyber-security section with a link to the new NCSC guidance for charities.

  9. A responding to fraud infographic has been added to the 'Reporting fraud' section of the guide.

  10. Cyber-fraud section has been updated to include details about Action Fraud's 24/7 live cyber-attack helpline.

  11. Added a series of links to e-learning videos to help you prevent different types of fraud.

  12. Guidance has been updated to help you protect your charity against fraud.

  13. First published.