Information about fraud and cyber crime, how to spot it and what you can do to protect against it.
Like any other sector, charities are not immune to criminal abuse from fraudsters. Fraud poses a serious risk to valuable funds and sensitive data, and can damage the good reputation of charities, affecting public trust and confidence in the sector as a whole.
Fraud is dishonesty, involving either:
- false representation, for example identity fraud
- failing to disclose information
- abuse of position to make a gain or cause loss to another
Fraud is the most reported crime in the UK. According to the Office for National Statistics, an individual in the UK is 10 times more likely to be a victim of fraud than theft. The charity sector is no different.
Estimates of the scale of charity fraud in recent years have varied between nearly £150 million and almost £2 billion per year. It is clear that the loss to fraud has a significant impact on the good work that charities do.
Charity Fraud Awareness Week
This week aims to raise awareness of the key risks affecting the sector, promote good counter-fraud practices and encourage honesty and openness about fraud.
The 2018 campaign won a government counter-fraud award, all the helpsheets and e-learning videos remain available to help you protect your charity from fraud.
How to report fraud
If your charity has been the victim of fraud, it’s important to report it to the relevant authorities. Reporting can help you access essential advice to get your charity back on track, but will also build a clearer picture of the scale of fraud affecting the wider sector.
You should report attempted or actual fraud to Action Fraud or call them on 0300 123 2040.
Action Fraud is a national reporting centre specifically for reporting frauds and has an online fraud reporting service, available 24 hours a day. The website includes an A to Z of fraud types.
For essential advice on why, what and how to report fraud incidents to the Commission, see our guidance on reporting serious incidents, which includes a new table of examples and a fraud/theft checklist.
This short e-learning video on the Fraud Advisory Panel website explains why it’s important to speak out and report fraud.
Responding to fraud infographic
Our infographic gives you some top tips on how to respond to fraud when things go wrong. If in doubt, take action and report it.
How to protect against fraud
Fraud is a serious problem that you can’t afford to ignore. Charities can, and should do more, to be fraud-aware.
Charity trustees have a duty to manage their charity’s resources responsibly and ensure that funds are protected, applied and accounted for.
With a total annual income of over £69 billion, the charity sector is vulnerable to fraud and financial crime. It’s essential that trustees put in place suitable counter-fraud measures – even small changes can help protect charities from harm.
It’s vital that all money given to charities is used for legitimate and lawful purposes.
You can watch this YouTube video to help you spot the signs of fraud and scams.
Fraud can come from internal sources (insider fraud), for example by employees and volunteers, or from external sources such as fake emails set up by hoaxers.
You can find out more about preventing insider fraud through this e-learning video on the Fraud Advisory Panel website.
We have also published a research report about insider fraud and how it is affecting charities. The report includes wider lessons, case studies and tips to help you prevent insider fraud.
Fraud and financial crime is one of the most common types of abuse for charities. These are highlighted in our tackling abuse and mis-management reports.
Charity trustees can avoid basic mistakes and make sure their charity is well protected by:
- ensuring strong financial management and good governance
- putting in place financial controls and ensuring they’re applied robustly
- reading our guidance on internal financial controls for charities (CC8)
Some charities, such as shops or trading outlets, have a higher risk of financial loss or falling victim to fraud, due to the nature of their activities.
If your charity relies upon cash-based fund raising, it may be more vulnerable to opportunist and organised fraudsters. For advice on protecting your charity from fraud and financial crime, see Chapter 3 of the Charity Commission’s Compliance Toolkit.
Charities should take a proactive approach to reducing fraud risk by following best practice advice and practical tips, such as those outlined in.
The Fraud advisory Panel website has useful e-learning videos to help you prevent:
Counter fraud best practice: templates for charity trustees
We have a developed a range of best-practice templates for you to use when protecting your charity against fraud. All of the following can be adapted to suit the needs of your charity:
Counter fraud questions infographic
Our infographic highlights the questions you should be asking to help protect your charity against fraud.
About cyber crime and reporting a live attack
The risks to your charity from cyber crime are increasing all the time. It’s a huge problem, which all organisations need to be aware of and guard against. Around 70% of all fraud is now committed online and it has been described as ‘the crime of our times’.
Cyber crimes can be quite complex and difficult to detect, often involving data breaches or identity fraud. It’s important that you consider how best to protect your charity’s valuable assets from harm online.
The National Cyber Security Centre (NCSC) has produced a new e-learning training package: ‘Stay Safe Online: top tips for staff’. It’s free, easy to use and takes less than 30 minutes to complete.
The training explains why cyber security is important and how attacks happen. It then covers 4 key areas:
- defending yourself against phishing
- using strong passwords
- securing your devices
- reporting incidents
The Cyber aware website has an online assessment tool so you can check how cyber secure your charity is. Advice and guidance is provided after the assessment to help you meet the standard. You can also download Cyber Essentials documents to help you put essential security controls in place.
For an insight into the mindset of cyber hackers, you can read about the human side of cybercrime in the journal ‘Nature’.
You can learn more about protecting your charity against cyber fraud in this e-learning video on the Fraud advisory Panel website.
For general advice on guarding against cyber crime visit the following websites:
Taking a few simple actions today is a good start - you don’t need to be a technology expert to protect your charity.
Get help if experiencing a live cyber attack
Action Fraud has launched a 24/7 live cyber-attack helpline. In the event of a live cyber-attack, this helpline gives access to specialist advisors who can offer advice and support to charities or other organisations in reporting the attack. These reports are immediately sent to the National Fraud Intelligence Bureau (NFIB).
To prevent cyber criminals from operating, the NFIB will then assess whether there are any websites, bank accounts or phone numbers that can be closed down. The reports are also sent to the relevant law enforcement agency for investigation if necessary.
Cyber security research
The Department for Digital, Culture, Media & Sport (DCMS) has carried out research with UK registered charities to explore their awareness, attitudes and experiences around cyber security.
This is part of the government’s National Cyber Security Strategy which aims to make the UK the safest place to live and work online.
You can read the cyber security in charities research. This will help you to review and assess your cyber security processes, to help keep your charity safe.
Cyber security toolkit for boards
Charity boards have an important role in improving the cyber security of their organisations. The National Cyber Security Centre (NCSC) board toolkit has been designed for larger charities, to encourage essential discussions about cyber security between the board and wider staff or volunteer body.
Board members don’t need to be technical experts, but they should be able to have a fluent conversation with their experts and understand the right questions to ask.
The board toolkit covers a range of cyber security topics, starting with an introduction to cyber security specifically written for board members. Other topics include understanding the threat, collaborating with suppliers and partners, and planning a response to a cyber incident.
Each topic has straightforward guidance and helpful questions that board members can ask their technical teams. It can be adapted to fit a charity’s own unique cultures and priorities, and was created using genuine insights from boards about what they would like to know.
Regulatory alerts about fraud
We publish timely alerts and warnings to inform trustees about particular risks or vulnerabilities which could affect charities and their operations.
You can read our most recent alerts issued about fraud:
- cyber crime and how to report to the Charity Commission
- risk of CEO fraud through Christmas gift cards
- alert for charities operating in Syria or Turkey about aid passing through the Bab Al-Hawa crossing
- be aware of fundraising and postal stamp fraud
- be aware of insider fraud threats
- watch out for CEO fraud
- use the regulated financial sector
- payment diversion fraud
Organisations that combat fraud in charities
The following organisations carry out vital work to help combat fraud in charities.
Many of these belong to the ‘Charities against Fraud’ coalition, which is a cross-sector group of nearly 40 organisations who work together to fight fraud in charities.
Charity Commission for England and Wales
Registers and regulates charities in England and Wales, to ensure that the public can support charities with confidence.
Office of the Scottish Charity Regulator
The independent regulator and registrar for Scottish charities, supporting public confidence in charities and their work.
Charity Commission Northern Ireland
The independent regulator of charities in Northern Ireland, ensuring charities meet their legal requirements and obligations.
The Fundraising Regulator
The independent regulator of charitable fundraising, established in 2015 to strengthen the system of charity regulation and restore public trust in fundraising.
Information Commissioner’s Office
Upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
National Trading Standards
NTS Scams team provides advice and guidance to charities to ensure that charities and their donors are protected from fraud.
Police and crime prevention
The National Fraud Intelligence Bureau (NFIB) sits alongside Action Fraud within the City of London Police, which is the national policing lead for fraud.
Operation Signature (West Sussex Police) is the force campaign to identify and support vulnerable victims of fraud within Sussex.
FALCON stands for ‘Fraud and Linked Crime Online’ and is part of London’s Metropolitan Police Service.
Sector organisations and initiatives
Fraud Advisory Panel
The Fraud Advisory Panel is an independent voice of the counter-fraud community. It champions best practice and works to improve fraud awareness, and build sector resilience.
Get Safe Online
Get Safe Online is a public/private sector partnership supported by HM Government and comprising leading organisations across banking, retail, internet security and other sectors. It provides factual and easy-to-understand information about online safety.
Credit Industry Fraud Avoidance Service (CIFAS)
CIFAS is a not-for-profit organisation working to protect businesses, charities, public bodies and individuals from financial crime.
Small Charities Coalition
A national umbrella and capacity-building organisation with over 7,000 members UK-wide. It helps trustees, staff and volunteers of small charities access the skills, tools, and information they need.
Foundation for Social Improvement
Builds and shares knowledge across the sector, representing small charities with policy makers and the public. FSI provides vital leadership and supports small charities to raise funds to serve their beneficiaries.
Charity Finance Group
CFG champions best practice in financial management within the charity and voluntary sector. It provides guidance to its charity members and the wider sector at large on the best practice for countering fraud.
The Information Security Research Group at UCL works to understand how people become victims of cybercrime, and to identify realistic measures they can take to protect themselves.
Government departments and agencies
National Cyber Security Centre (NCSC)
The NCSC is the official government lead on cyber security. Its stated mission is to make the UK the safest place to live and do business online. It has a division which is directly responsible for charities and the wider public.
The Department for Digital, Culture, Media & Sport helps to drive growth, enrich lives and promote Britain abroad. It protects and promotes cultural and artistic heritage, helping businesses and communities to grow. It also plays a vital role in making Britain a safe place to be online.
HM Revenue & Customs (HMRC) is responsible for administering the UK’s tax system, including the management and reduction of risks to tax revenue. HMRC’s compliance and enforcement work includes tax fraud (where the law has been broken) and tax avoidance (where rules of the tax system have been misused to gain a tax advantage, but not illegally).