The Charity Commission
Phishing is when fraudsters attempt to hoax users and get hold of sensitive information such as:
- usernames
- passwords
- credit card details
They do this through electronic communication like email, pop-up message, phone call or text message.
Action Fraud get around 8,000 reports of phishing each month, which shows the scale of these scams.
Charities, like any other organisation, can be at risk and we are urging trustees to be vigilant.
Its important to consider how to protect your charity from harm online. You can read detailed advice from government on improving cyber security. You can also find out how to become accredited under the Cyber Essentials Scheme.
If you think your charity has been affected by a phishing scam, whether it was prevented or not, report it to Action Fraud through their website or call them on 0300 123 2040.
If your charity has fallen victim to a phishing scam and lost sensitive data or valuable funds, you need to report it to us as a serious incident.
You can take this preventative action now:
- make sure charity software has up-to-date virus protection (though it will not always prevent you from becoming infected)
- dont click on links or open any attachments you receive in unsolicited emails or SMS messages. Fraudsters can spoof an email address to make it look like its from a trusted source. If youre unsure, check the email header to identify the true source of communication. Information on how to find email headers is available on the MX Toolbox website
- always install software updates as soon as they become available, they will often include fixes for critical security vulnerabilities
- if your current software does not offer an anti-spyware function, consider installing software which does, it can detect key loggers
- make regular backups of your important files to an external hard drive, memory stick or online storage provider. But, its important that the device you back up to is not left connected to your computer, as a malware infection could spread to that too
- if you suspect your bank details have been accessed, you should contact your bank immediately
The Charity Commission (independent regulator of charities in England and Wales) has issued this alert to charities as regulatory advice under section 15(2) of the Charities Act 2011.