Mandate fraud is becoming increasingly common within charities, the Charity Commission has warned.
It comes after the regulator received several reports from organisations who have been targeted by fraudsters impersonating members of staff in the month of December.
Known as mandate fraud, this type of scam involves usually written requests to your HR or finance department to update employee bank details.
The request will normally be made out from a spoofed or similar email address to that of the individual being impersonated to avoid detection.
This type of fraud can be notoriously difficult to spot, especially over the busy festive period. However, there are preventative actions you can take to protect your charity from crime.
- Reviewing internal procedures on how employee details are amended and approved, especially those in relation to verifying validity.
- Raising awareness of cybercrime, particularly in relation to phishing, spoofing and mandate fraud.
- Double-check email addresses and phone numbers. If in doubt, contact the individual directly using the details you have on record.
- Dispose of confidential information correctly. Always shred documents containing sensitive data, such as names and phone numbers. This information can be used to defraud your charity.
The latest statistics suggest that around 15 per cent of smaller charities (those with an income of less than £100,000) experienced a phishing attack last year, while two per cent reported a virus and the same proportion reported fraudsters impersonating them in digital communications.