Welcome to CAF Bank

The bank dedicated to supporting charities and social purpose enterprises. So we understand what you need.

Online security

Malware and ransomware

Take action to keep your organisation secure and reduce the risk of fraud.

How to defend your organisation

Malware and ransomware can disrupt services, lock staff out of systems and put sensitive data at risk. Fraudsters often target organisations that rely on trust, hold personal information and need to keep services running. 

A recent example shows how serious the impact can be. In 2024, Albyn Housing Society, a Scottish housing charity, disclosed a ransomware attack after attackers gained unauthorised access to its systems and later published stolen data when extortion demands were not met. The incident disrupted services and exposed personal data relating to tenants and staff. 

This guide sets out simple ways to strengthen your organisation’s defences, reduce the risk of malware and ransomware, and respond quickly to warning signs.  

What is malware?

Malware (including viruses) is malicious software that is designed to disrupt the safety, accuracy and accessibility of your computer system or mobile device. Everyday actions can introduce malware into your organisation’s systems. For example, you might unknowingly install it when you:

  • Open an email attachment
  • Click a link in an email
  • Visit an unsafe website
  • Plug in a USB storage device

Fraudsters can use malware to stay hidden on a device and collect sensitive information, such as passwords, account details or security codes.

Malware is a general term for harmful software. Ransomware is a type of malware that blocks access to your data or systems and demands payment to restore access. 

Warning signs

Look out for these common signs of malware and ransomware:

  • Your device starts behaving unusually: Your computer, phone or tablet may suddenly run very slowly, freeze, or crash more often than usual.

  • You lose access to files or systems: You may not be able to open files or access systems you normally use, or you may see a demand for payment to regain access. 

  • You see unexpected account or security activity: You may notice unusual login alerts, password reset messages or changes you did not make to your accounts or settings.

  • Pop‑ups or messages you were not expecting: You may see warnings or instructions telling you to download software or take urgent action.

How to protect your organisation

1. Use built-in security protections on your devices and internet connection

Most computers, phones and tablets include built-in security features, such as security software and firewalls. Your internet router also plays an important role in keeping your connection secure. 

Switch these protections on, keep them up to date, and protect them with strong passwords. This helps reduce the risk of unauthorised access and lowers the chance of malware reaching your systems when you use the internet, email or online banking. 

If a device or router alerts you to a potential security issue, follow the instructions provided. If you feel unsure, seek advice from your IT support team or provider before taking action. 

2. Stay alert to phishing and other scams

Many malware and ransomware incidents start with phishing emails, text messages or phone calls. Make sure staff, trustees and volunteers know how to spot:

  • Suspicious messages
  • Unexpected attachments
  • Urgent requests
  • Links asking them to log in or share information

Encourage everyone to stop, check and report anything that does not feel right.

3. Keep devices and software up to date

Install updates as soon as they become available. Updates often fix security weaknesses that criminals try to exploit. 

Where possible, set devices and applications to update automatically. 

4. Protect accounts with strong passwords and extra security

Use strong, unique passwords for email, banking and other important accounts. 

Where available, switch on extra security such as multi-factor authentication. This adds an additional check before access is granted and helps prevent criminals from using stolen passwords. 

Reporting attempted fraud

Visit our security centre for more tips on protecting your organisation and accounts from fraud.  

If you suspect fraud or a cyber-attack may have exposed your organisation’s bank accounts, please call our customer service team straight away on 03000 123 456 or email scamreporting@cafonline.org.

If you believe your organisation has become a victim of fraud, report it to the Report Fraud helpline or Police Scotland.

External sources of online security guidance

The following links are to external websites offering further coverage of this topic. CAF has not reviewed, does not control and is not responsible for these websites, their content or availability.

  • Report Fraud - The national fraud and cyber crime reporting centre for England, Wales and Northern Ireland.
  • The Charity Commission - How charities can identify fraud risks, recognise fraudulent activity and prevent fraud occurring.
  • National Cyber Security Centre - A more in-depth guide on ten steps to malware prevention.

CAF Bank Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority (Financial Services Register number: 204451).

CAF Bank Limited Registered office is 25 Kings Hill Avenue, Kings Hill, West Malling, Kent ME19 4JQ. Registered in England and Wales under number 1837656.