Online security

SCAM EMAILS

Spot the tell-tale signs of fraudulent emails

INTRODUCTION

Government statistics* show that nearly half of all UK organisations suffered a cyber attack or breach in the past 12 months. And the most common forms of attack or breach were through fraudulent emails. We’ve produced this guide to help you avoid falling prey.

* Cyber Security Breaches Survey 2017

HOW DO SCAM EMAILS WORK?

Scam emails attempt to obtain sensitive information such as usernames, passwords and bank details (and money) by fraudulent means, disguising an electronic communication to look as if it has been sent from a trusted person or organisation.

Also known as 'phishing', these scams can come in many forms. For instance, criminals may impersonate a senior manager by spoofing an organisation’s email accounts, to dupe a staff member into executing unauthorised financial transactions. Some trick employees into making a payment into a fraudster’s account by claiming to be an existing supplier whose payee details have changed.

Charities are just as vulnerable to the threat of scam emails as other organisations, as one of our customers can testify. This charity received an email that appeared to be from an existing supplier, notifying them of a change to the supplier’s payee details and requesting a payment for services provided. As this was a known supplier and the email was from a recognised address, the payee details were changed and payment sent. However, this was a scam by a criminal who had hacked into the supplier’s email account and provided fraudulent bank details.

The scam was discovered when the genuine supplier chased payment. The customer alerted us about the fraudulent payment and we are in the process of attempting to recover the funds from the beneficiary bank.

SPOT THE WARNING SIGNS

Anatomy of a scam email

Fraudsters are using increasingly sophisticated techniques to disguise the malicious intent of their scam emails.

Download our infographic to help you spot the tell-tale signs of a fraudulent email.

Online test

Think you are too smart to be scammed?

See how well you can spot simulated fraud attempts. Try out this online test (links to an external website) from Take Five, a government-backed national fraud awareness scheme led by Financial Fraud Action UK, part of UK Finance.

PROTECT YOUR ORGANISATION

Be alert to scams

Seven top tips

  1. Information requests - Never share your security or login details with anyone. Your bank will never ask for your PIN number or full password for telephone and online banking.
  2. Source checks - Only disclose personal or financial details to service providers you trust and are expecting to be contacted by, and only after checking their legitimacy. Call the organisation using known contact details that you hold or that are displayed on its corporate website.
  3. Pressure tactics - A genuine bank, trusted supplier or the police will never coerce you into disclosing confidential information or making an urgent payment. If you feel pressured or suspicious, trust your instincts. Reject the request and delete the message.
  4. Links and attachments - Never click on links or open attachments in an unexpected or suspicious-looking email or text message.
  5. Password protection - Use strong passwords that are difficult to guess. Set up a different password for each website, app and service you use.
  6. Authorising payments - Make sure you and/or a trusted colleague check the authenticity of payment instructions received from senior managers and suppliers.
  7. Raising awareness - Encourage a security-conscious culture through counter-fraud measures, robust financial controls, and briefings and training for staff and volunteers.

REPORTING ATTEMPTED FRAUD

CAF's security centre provides more tips about how to protect yourself and your accounts from fraud.

If you suspect your organisation’s bank accounts have been exposed to fraud or cyber attack, call our customer service team without delay on 03000 123 456 or email scamreporting@cafonline.org

If you believe your organisation has become a victim of fraud of any kind, please report it to the Action Fraud helpline on 0300 123 2040.

EXTERNAL SOURCES OF GUIDANCE

The following links are to external websites offering further coverage of this topic. CAF has not reviewed, does not control and is not responsible for these websites, their content or availability.

Action Fraud - The national fraud and cyber crime reporting centre.

The Charity Commission - How charities can identify fraud risks, recognise fraudulent activity and prevent fraud occurring.

Charity Finance Group - A guide exploring the measures that small charities can take to prevent fraud. 

Cyber Essentials - A government-backed cyber security certification scheme. Five basic controls to put your organisation on the path to better cyber security.

Take Five to Stop Fraud - Impartial advice and guidance on how to protect yourself against financial fraud.

OTHER ONLINE SECURITY GUIDANCE

Deception scams


Fraudsters are masters of deception. This guide examines how common scams work and what to do to avoid being duped.

Phishing scams


Phishing scams can defraud charities of funds earmarked to further their mission. Pick up simple tips to help you avoid becoming a victim.

Malware and ransomware


Computer viruses can have a devastating impact on a charity's operations. Reduce the risk of your organisation being infected by harmful software.

CAF Bank Limited (CBL) is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Registered office is 25 Kings Hill Avenue, Kings Hill, West Malling, Kent ME19 4JQ. Registered under number 1837656. CBL is a subsidiary of Charities Aid Foundation (registered charity number 268369).