Security centre


Don't put yourself at risk; be aware of all the current threats and latest scams

Malware and spyware

‘Malware’ is a shortened term for ‘malicious software’. It’s a computer virus that is installed onto your computer for the hackers' benefit, ie to spy on you, slow down your computer, advertise to you through pop-ups or re-direct you to another webpage.

Spyware is a specific type of malware that monitors and logs your activity in order to steal personal information.

What are the risks?

  • Fraudsters are most likely to use spyware in order to steal personal information. With this information they can impersonate you and access your accounts via online banking, or over the phone.
  • This can lead to a fraudster obtaining your username and passwords.
  • They can then open new accounts or apply for loans or overdrafts in your name.
  • Also beware of malware that redirects you to lookalike websites.

For tips on defending your organisation from malware, read our guide.

Social engineering

Social engineering refers to a range of deceptive techniques used to convince you to divulge sensitive information or transfer money to a fraudster. The best defence against social engineering is to be aware of the techniques used and how to avoid them.

Download our Social Engineering Top 5s infographic


Vishing

This involves a fraudster making phone calls to an individual, posing as bank staff, the police, or another official or company in a position of trust. The call may be made to coerce you into:

  • sending your money to another account for ‘safe keeping’ or ‘holding’.
  • withdrawing cash and handing it over to the fraudster for investigation.
  • giving out personal financial information, which can then be used to gain access to your finances.

Ways to protect yourself from vishing: 

  • Be wary of unsolicited phone calls, especially if you’re asked to provide personal information.
  • If you’re suspicious or feel vulnerable, don’t be afraid to terminate the call and say no to the caller’s requests.
  • Remember, it takes two people to terminate a call, so ensure the caller has also hung up and you have a clear line – you can use a different phone line to test the number.
  • Be wary of fraudsters using ‘call spoofing’ to deliberately fake the telephone number showing on your caller ID, making it look like a genuine bank telephone number.
  • Never share your security details with a third party. It’s important to keep your account and security details safe. We will never ask you for your PIN number or full security code word.
  • We’ll never send someone to collect your debit or credit cards from you.

Criminals may already have basic information about you in their possession (ie name, address, account details), but don’t assume a caller is genuine because they have these details, or because they claim to represent us or another legitimate organisation.

Case study:

A customer received a call from somebody purporting to work for a telephone and internet company. The caller claimed there were issues with the customer’s internet connection and requested details to fix the issue.

The requested personal information included security details for the customer's online banking accounts. Unless these details were provided, the customer was told, the issue could not be resolved. Believing this was a genuine problem and concerned they could potentially be cut off, the customer provided the information, hoping that it would help to resolve the reported issue.

Following the call, the customer received a text message from CAF Bank informing them that a new payee had been set up on their account via CAF Bank Online. The customer phoned CAF Bank immediately to inform us of the situation and to ensure that a payment was not sent. This case had a positive outcome due to the security measures CAF Bank has in place to help protect customers from this type of scam. This includes text alerts when new payees are set up and dual authorisation on all payments to third party accounts.


Phishing

Fraudsters send emails directing you to websites where you are asked to provide confidential personal or financial information. These emails may appear to come from a legitimate site or email address, but they are designed to steal your personal information and use it to access your accounts.

More sophisticated forms of phishing include spear phishing and whaling (or whale phishing). Spear phishing is where a fraudster deliberately targets a specific person by creating a scam email containing personal information to deceive the recipient. Whaling is a spear phishing email aimed at someone with access to significant levels of personal or corporate assets. This may claim to be from someone you trust or in a position of authority, such as a senior executive, supplier, government agency or official.

Do not reply to or click on a link in an email that warns you that your account may be shut down unless you confirm your personal information. Instead contact the company in a way that you are sure is genuine, such as an authenticated telephone number. If you get an email claiming to be from us asking for personal information, please forward it to immediately.

For tips on how to spot phishing attempts and avoid falling prey, read our guides to scam emails and phishing scams.

Invoice Fraud

Knowing the tricks criminals use could help protect your charity against invoice fraud, a type of bank transfer scam.

Fraudsters are becoming increasingly clever at deception, so it's up to us to become more vigilant in our everyday lives. Invoice fraud is on the increase for businesses and charitable organisations. Fraudsters spend a lot of time researching organisations and who their suppliers are - so it's vital for organisations to know what to look for and protect themselves against losing money.

Our banking scams guide will help you recognise the telltale signs of attempted invoice fraud and pick up tips to defend your organisation.

This Financial Fraud Action UK leaflet highlights how criminals, who specialise in invoice fraud, target organisations and fake their supplier invoices. 

Case study:

A customer received an email from an existing supplier advising them to send a payment to new bank details for services that had been provided. As this was an existing supplier and the email was from a known email address, the details were changed and a payment sent. In fact, this was part of a scam where a fraudster had hacked into the supplier’s email account and provided fraudulent bank details.

The scam was discovered when the genuine supplier chased payment. The customer contacted CAF Bank to advise us of the fraudulent payment and we are in the process of attempting to retrieve the funds from the beneficiary bank.

Contact us

CAF Accounts

including CAF Charity Account and individual donations, CAF Charitable Trust, CAF Company Account, CAF Donate and CAF Charity Dashboard.

03000 123 000

(9.00am - 5.00pm Monday to Friday, except public holidays)

CAF Bank customers:

03000 123 456
03000 123 600 (Fax)

(9am - 5pm Monday to Friday, except public holidays)


Charities Aid Foundation © | Registered Charity Number 268369
25 Kings Hill Avenue, Kings Hill, West Malling, Kent ME19 4TA
10 St. Bride Street, London EC4A 4AD
Telephone: 03000 123 000