This website uses cookies for anonymised analytics and for account authentication. See our privacy and cookies policies for more information.





The voice of Scotland’s vibrant voluntary sector

Published by Scottish Council for Voluntary Organisations

TFN is published by the Scottish Council for Voluntary Organisations, Mansfield Traquair Centre, 15 Mansfield Place, Edinburgh, EH3 6BB. The Scottish Council for Voluntary Organisations (SCVO) is a Scottish Charitable Incorporated Organisation. Registration number SC003558.

Is your charity a target for online fraudsters?

This opinion piece is over 9 years old
 

​Online security expert Stewart Thom assesses how you can keep your charity safe

Criminals are always looking for new ways to defraud their victims therefore everyone is a potential target.

We now place more personal and corporate information online than ever before. Public information online supports the techniques used by fraudster to target companies, charities or individuals.

An estimated £1.65 billion per year is lost across 842 UK registered charities due to fraud.

Fraud is not commonly associated with charity but the impact can be serious. Victims can face financial losses, cancelled projects, adverse publicity and the undermining of the personal commitment of all involved in the charity itself.

It is important to know how fraudsters operate, what to look out for and how to ensure you remain safe.

Don’t be a victim of fraud. Protect your charity and the great work that you do!

In email fraud(or phishing), fraudsters send an email to hoping to obtain your security details (eg full pin/passwords) or personal information. Usually, you are encouraged to click on a link or document within an email that either downloads malicious software onto your computer or directs you to a fraudulent website.

How can you protect yourself? First of all, beware of attachments contained within emails especially if it has .exe at the end. The attachment could contain a Trojan or virus that may infect your computer when opened.

Be cautious of links in emails, especially when it sends you to a banking website that asks for full pin and passwords. Banks will not usually include a link in an e-mail that takes you to the security log in pages for your online banking.

Consider what personal information you disclose online. Information can be used by a fraudster to impersonate you (known as identity theft) or target you for phishing email in an attempt to trick you into disclosing security information.

Malicious software (malware/trojan).Malware is software used to gather sensitive information. Trojans, a form of malware, are harmful programmes that steal information.

They can be installed from attachments contained in emails (phishing) or infected websites visited by users. Trojans can record and send to fraudsters information typed on a keyboard eg passwords typed when you’re logging into online banking, supplier details created on systems or credit/debit card details used to purchases goods and services online.

How can you protect yourself? Download specific security software to protect your computer from malicious software that compliments anti-virus and firewall controls. NatWest offers free security software called Rapport to its customers.

Text (smishing). This is when texts are sent to your mobile to try to trick you into clicking on a link that takes you to a fake website that attempts to obtain giving your security information eg full passwords or pins.

How can you protect yourself? First of all, don’t send sensitive information by text, such as your pin, password, account details or date of birth.

Be wary of links in text message especially if you are taken to a website that asks for full pin and passwords. Banks will not usually include a link in a text that takes you to the security log in pages for your online banking.

Telephone fraud (vishing) is where fraudsters trick you into divulging security credentials or card details over the telephone. The fraudster uses urgent language to convince you that your bank account has been compromised, often claiming there are fraudulent transactions pending, compelling you to take immediate action to prevent these from being paid.

How can you protect yourself? Never divulge your full security credentials (eg pin and passwords) over the telephone for your online banking. No matter how busy you are!

If you receive a suspicious call, use a different line to call your bank. Fraudsters can keep their line open, incept your call and pose as your bank.

Remember, never give your banking or personal information to anyone you do not know. Remember, the bank or the police will never ask for your full passwords, token codes, customer login credentials or cards pins.

If you are concerned that your business has been affected by fraud, contact Action Fraud, the UK’s national reporting centre for fraud and internet crime on 0300 123 2040 and your bank.

Don’t be a victim of fraud. Protect your charity and the great work that you do!

Stewart Thom works in security and resilience at RBS.