With many charities managing a surge in demand for their services, it can be easy to let your guard slip. Clicking on a malicious link in an email is all it may take to fall victim to a scam. Its consequences could be devastating for your organisation and its work.

Fraud threats evolve all the time. Knowing which warning signs to look for can help keep your organisation secure. Often a combination of methods are used to build trust. Here are the common types of fraud, and how to spot them.


Fraudsters will use a range of techniques to trick you into sharing banking information or transferring money – usually over the phone, by email or text message. These tactics to prey on people’s trust are known as social engineering.

Warning signs

  1. Resist pressure – a criminal will try to prompt you into action by creating a sense of urgency or making you feel guilty. For example, would a senior manager really email you to arrange an emergency payment?
  2. Beware of emotion – social engineers may speak or act emotionally to try and dissuade you from challenging them.
  3. Check who you’re talking to – they can often imitate your colleagues, partners, suppliers or friends. If something seems unusual or out of character, contact that person yourself, using known contact details.
  4. Be suspicious of saviours – a fraudster may contrive a problem for you, then offer to resolve it in exchange for your information or money.
  5. Don’t divulge information – if you don’t know who you’re talking to, don’t answer their questions. What might seem innocuous can help them collect sensitive data, so beware.



With more information being shared online all the time, it’s now possible for fraudsters to find out who your suppliers and clients are, then start sending fake invoices.

These attempts can be convincing and can catch the unwary off guard. It often begins with a simple email request to amend payee details for a transaction, from what appears to be a genuine contact.

Visit Financial Fraud Action UK for more insight on how to avoid paying fake supplier invoices.


Malware is the common name for malicious software – often installed onto your computer without your knowledge as a way for hackers to access your data. Common symptoms are a slow computer, pop-up messages or being re-directed to malicious webpages.

Spyware is a specific type of malware that monitors and logs your activity to steal personal information without you realising. Discover simple tips for safeguarding your charity or non-profit.


Phishing is when fraudsters send emails embedded with links to websites where you’re asked to provide confidential personal or financial information. These emails can be designed to look legitimate and the website may even look like one you’re familiar with.

If you’re in any doubt, don’t reply. And never click on links in an email that you are not expecting or looks suspicious in any way. The best solution is to contact the company in a way using known communications details for them.

If you get an email claiming to be from us asking for personal information or your Online banking log-in details, forward it straight away to us at:


If you receive a phone call from someone asking for your personal information, then you’re likely the target of a vishing scam. Normally, the caller will claim to be bank staff, police or someone else in a position of trust.

During the call they will quickly try to convince you to transfer your money to protect it from some other imagined threat. They will typically ask you to withdraw cash and hand it over to the fraudster, or share personal financial information they can use to access your finances.

Protect yourself from phone scams

  • Be wary of unsolicited calls – especially if you’re asked to provide personal information.
  • Don’t be afraid to hang up – if you’re suspicious or feel vulnerable, simply end the call. They may stay on the line, so make a call to a colleague to make sure the fraudster isn’t still connected.
  • Watch out for call spoofing – fraudsters can fake the telephone number shown on your caller ID to make it look like a genuine bank telephone number. If you’re suspicious at all, contact us yourself on 03000 123 456 (between 9am and 5pm Monday to Friday, except English public holidays).
  • Never share your details – we will never ask you for your PIN number or full security details over the phone.
  • Don’t give out your card – we’ll never send someone to collect your Business card from you.


And always remember that the criminals may already know your name, address, or account sort code – this only means they’ve done their research. If a call sounds suspicious, it probably is.


CAF's security centre provides more tips about how to protect yourself and your accounts from fraud.

If you suspect your organisation’s CAF Bank accounts have been exposed to fraud or cyber attack, call our Customer Service team without delay on 03000 123 456 or email

If your CAF Bank Business card is lost or stolen, or you suspect fraudulent activity on your account, please call our Lost and Stolen number right away on 03000 123 606. This service is available at all times. To arrange a replacement Business card, please telephone our Customer Service Team on 03000 123 456 (Monday to Friday, 9am - 5pm, except English bank holidays).

If you believe your organisation has become a victim of fraud of any kind, please report it to the Action Fraud helpline. Scottish charities should report fraud to Police Scotland, by dialling 101 straight away.

CAF Bank Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority (Financial Services Register number: 204451).

CAF Bank Limited Registered office is 25 Kings Hill Avenue, Kings Hill, West Malling, Kent ME19 4JQ. Registered in England and Wales under number 1837656.