Tips for avoiding online fraud

You can’t control the actions of fraudsters. But you can follow a few simple tips to help keep you and your organisation safe and secure.

We want to protect you, so you can focus on supporting others. Here’s how you can help safeguard your computer and other devices, personal details and financial information.

Be clever with passwords

Here are our best tips for password prowess.


  • Spend time crafting something memorable to you
  • Use a passphrase which is a combination of three or four random words – the longer the overall password, the better
  • Use a mix of upper and lower case letters
  • Treat your password as if it’s going to be hacked – then create something that feels un-hackable
  • Use a reputable password vault, or a secure password keeper, that generates a different password for every service


  • Reuse the same password – this leaves you very exposed
  • Incorporate your date of birth
  • Write it down or share it with anyone
  • Use ‘Autofill’ in your browser

Worried about your password?

If you think your password has been compromised or that someone has hacked into your account, get in touch with us as soon as possible.

Add layers of safety

Think about protecting your account as a multi-layered process. Crafting clever passwords is worth the effort, but putting additional security measures in place can make a big difference too. 

Layers of protection are particularly important as more organisations move towards remote working. With people in your organisation using systems like Google Docs, Office 365 or cloud accounting systems, your organisation’s details could be at risk more than ever before.

How it could look

The password is one layer. Two-factor authentication is another. Anti-virus software is another, as are regular or automated software updates.

Never think of one piece of software as the complete answer. Instead, combine a number of security solutions to protect your details as much as possible.

Build the layers into your process

Design your system, then make sure everyone in your organisation is on board. This part is vital, as every member of your team needs to understand the importance of the security measures for them to be used properly.

Ultimately, you all want the same thing: for your funds to stay safe, and put to work for the people who need it most.

Pay attention to detail

Criminals will try to trick you into giving away your details by using fake information. The kind that could slip under your radar if you don’t look too closely.


How to spot a fake website

  • It won’t display the padlock symbol
  • No ‘https’ in the address bar
  • The company name in the URL may be slightly different from what you’d expect to see – this could be right down to one incorrect letter
  • It may be badly designed, with spelling or grammatical errors

How to spot a fake email

  • It will request something unusual or unexpected of you
  • The sender’s email address looks strange, clunky or unprofessional
  • Again, it may contain spelling or grammatical errors
  • For more tips on spotting scam emails, read our scam emails guide

Think you've received a fake CAF or CAF Bank email?

Forward it to us at

Update your web browser

This is a simple security move. Modern browsers add protection against fake websites, and they’re free to download. Try the latest versions of Google Chrome, Mozilla Firefox or Microsoft Edge. Safari is another good choice if you use a Mac.

Remember we're here to help

We may call you now and again to confirm a transaction – especially if there’s a large sum of money involved. We know you’re busy, but keep in mind that when we do call, it’s to protect your money.

Crucially, if we do ever think a fraudster has hacked your account – there’s every chance they’re still in there. So the sooner we contact you and work with you to protect your account, the better.

To learn more about this and the other terms of your CAF Bank account, see section 11.9 “Site and Internet Security” in the CAF Bank General Terms and Conditions.

Seen something suspicious?

Find out the best way to report it to us.

Contact us

More about fraud prevention

These links are a selection of further fraud prevention resources. CAF and CAF Bank are not responsible for the content on the following websites, or their availability. 

We support Take Five, a national campaign offering simple advice to protect you from fraud.

Explore Take Five’s resources

How to spot fraud and protect against it. Guidance for charitable organisations in England and Wales. 

Read the Charity Commission’s guidance

How to reduce the risks for your charity. Guidance for charitable organisations in Scotland. 

Read the Scottish Charity Regulator’s guidance

CAF Bank Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority (Financial Services Register number: 204451).

CAF Bank Limited Registered office is 25 Kings Hill Avenue, Kings Hill, West Malling, Kent ME19 4JQ. Registered in England and Wales under number 1837656.

Charities Aid Foundation © | Registered Charity Number 268369
25 Kings Hill Avenue, Kings Hill, West Malling, Kent ME19 4TA
10 St. Bride Street, London EC4A 4AD
Telephone: 03000 123 000