Fraudsters target charity businesses by impersonating staff

12 December 2019

A warning has been published on the Gov.UK pages to advise charities of an alarming new trend in which fraudsters are impersonating staff members, often attempting to amend employee bank details via email request.

Several different charities have reported the practice and the Charity Commission wanted to alert others in an attempt to prevent fraudsters from succeeding in committing these crimes and to combat payroll fraud within the charity sector.

The guidance given is to be wary of any requests to HR & finance departments in particular but also to any other staff members relating to changing bank details. Emails will have originated from an email address that looks very similar to that of the subject being impersonated. Emails relating to employee’s bank details will need to be rigorously checked to ensure that they are genuine and if there is any doubt the relevant employee should be contacted via a different channel, e.g. by calling them and asking if they have requested for you to change their bank details. If they have not, delete and discard the fraudulent email without making any amendments. The requests will often read like credible emails so extra precaution needs to be taken.

In order to prepare for and protect against cybercrime, charities should review the processes surrounding how employee details are amended and approved and how validity is verified. As with any other unusual looking or suspicious emails, attachments should not be opened, and links should remain unclicked as this is where systems can potentially be hacked.

Further advice provided is that all confidential and sensitive data should be shredded so that anybody external does not have access to it. The less information a fraudster has about a company, the harder it will be for them to successfully commit fraud and to impersonate members of staff.

If you should be in the unfortunate position of being targeted by fraudsters, the advice is to send a report to Action Fraud.

 It should also be reported to the Charity Commission and advice is provided here. Reporting the incidents to the Commission allows them to analyse the type of fraud, how often it is happening and the impact of these incidents so that the level of risk can be assessed on the whole and appropriate actions are taken to safeguard the charity sector.


Information provided in this news article may be subject to change. Please make note of the date of publication to ensure that you are viewing up to date information.