Recent media reports highlight that cyber criminals are targeting small charities and sports clubs, by preying on security weaknesses. In some cases, victims have been defrauded of tens of thousands of pounds of vital funds needed to support their charitable work.

One of the more common techniques employed by fraudsters is called phishing. This involves criminals, claiming to represent a financial institution, supplier or even a member of the charity’s executive team, sending unsolicited emails to an unsuspecting employee or volunteer. Recipients are tricked into handing over personal details or making payments to fraudulent accounts, through links to a fake website.

Why charities are targeted

Counter fraud expert, Professor Mark Button of the University of Portsmouth, says that small charities are being targeted by fraudsters, because they often have fewer internal checks in place, and staff and volunteers typically receive less online security training.

One recent case involved a local sports club which fell victim to fraudsters who targeted its volunteer treasurer. The criminals sent emails designed to look as if they had been sent by the chairman of the club, requesting payment for building works from reputable firms. These emails contained account numbers and sort codes for several bank accounts.

The treasurer, a retired accountant, was aware that the club was planning to refurbish the pavilion, so approved payments from the club’s bank account totalling nearly £30,000. However, the receiving bank accounts were actually controlled by the fraudsters, which is an increasingly successful scam commonly referred to as CEO Fraud.

Warning signs

  • An email from the CEO, Chairman or other executive, pressuring you to make a payment to a new payee, or to change the details of an existing payee
  • A link within an email you receive directs you to a website where you are asked to enter login credentials
  • You receive an email message claiming you need to log on to verify transactions on your account
  • An email with a general, non-personalised greeting
  • Receiving emails from financial institutions you have no relationship with
  • Spelling errors and irregular capitalisation of characters within the email

Reduce the risk of fraud

Here are eight simple tips on how to avoid becoming a victim of phishing:

  • Avoid clicking on links in suspicious-looking or unexpected emails, especially those you receive from an unknown source. Always access CAF Online Banking from the CAF website
  • Verify that all displayed payee names, account numbers and sort codes, and payment amounts are accurate, before submitting or authorising payments
  • Always confirm that requests to make payments or to change financial details have been made by a legitimate contact or company. Do this by using the established contact details you hold
  • Ensure all staff and volunteers, not just finance personnel, are briefed about this form of fraud
  • Put a system in place which enables contact from your organisation’s CEO or senior members of staff to be verified; such as having two points of contact responsible for checking that an instruction received is legitimate
  • Always review financial transactions to check for inconsistencies and errors, such as a mis-spelt company name
  • Consider what information is publicly available about the business and whether it needs to be public
  • Ensure computer systems are secure and that antivirus software is up-to-date

Reporting attempted fraud to CAF Bank

CAF's security centre provides more tips about how to protect yourself and your accounts from fraud.

If you think you have responded to a phishing email or given your banking details to an unknown contact, please call our customer service team on 03000 123 456.

External sources of online security guidance

The following links are to external websites offering further coverage of this topic. CAF has not reviewed, does not control and is not responsible for these websites, their content or availability.

  • The Charity Commission - Guidance for trustees and charity managers to help identify fraud risks, recognise common types of fraudulent activity and prevent fraud occurring.
  • Action Fraud - UK’s national fraud and cyber crime reporting centre.
  • Get Safe Online - Unbiased and easy-to-understand information on online safety.