Steps charities can take to avoid becoming victims of coronavirus-related fraud and cybercrime

The coronavirus crisis has led to a marked increase in fraud and cybercrime across many sectors, including charities and not-for-profits, as some seek to take advantage of the new vulnerabilities it has created.

Cybercriminals are targeting charities and not-for profits

Many third sector organisations have been filling in where the public and private sectors have been unable to meet basic needs but this has left them open to cybercrime. Some have found that this new activity makes them a target for criminals, who purport to help the organisation to provide those services while in fact opening them up to theft or fraud.

With this in mind, the Charity Commission has published guidance (available here) specifically aimed at how organisations can minimise the risk of being exploited through cybercrime. Some of the key steps organisations can take are:

• Look out for scam emails and phishing attempts: There has been a significant rise in phishing attacks since the outbreak, so try to be aware of this possibility whenever using email. Do not click on any suspicious links or respond to unsolicited communications asking for financial or personal details. It is also essential to make sure all staff are aware of the common signs that can give away a phishing attempt – in particular:
  • an invitation to click on a link or provide bank account details,
  • a note of urgency, or
  • a suspicious email address.
• Protect your devices: Ensuring that the latest software updates are installed on all computers, tablets and work phones minimises the chances of criminals being able to take advantage of vulnerabilities in software.
• Be wary of offers to help with procurement: There have been many instances of vendors purporting to sell personal protective equipment (PPE), accepting funds from victims and then not delivering the promised goods. There has been an increase in costs globally for PPE, so something to look out for is PPE available at very low prices. As the familiar saying goes: if it seems too good to be true, it probably is. Make sure to carry out due diligence on all vendors and, if in doubt, discuss potential purchases with others involved.
• Look out for mandate or CEO fraud: If another organisation asks you to transfer funds to different a bank account from the one you would expect, you should take steps to check the authenticity of the request, for instance by calling them to verify the details over the phone.
• Question unsolicited offers and requests for advanced payment: Where you are offered goods, services or financial support and are asked for advanced payment, always take steps to ensure that the offer is genuine and never feel pressured into making a decision.

Many fraudsters use pressure-selling tactics such as stating that there are a limited number of items available or informing you that a large number of other people have already purchased today to encourage you to decide to buy in the heat of the moment.

Also helpful is a pre-recorded webinar which the Charity Commission has produced jointly with the Fraud Advisory Panel, with fraud experts from the City of London Police and the Chartered Institute of Public Finance & Accountancy. This contains a range of practical advice and tips and can be accessed here on the Charity Fraud Awareness Hub.

As always, if your organisation does become the victim to fraud or cybercrime, you should make sure to report it promptly to both the Charity Commission and Action Fraud.

If you would like any support or assistance with the above, or with any other challenges your charity is currently facing, please let us know. Blake Morgan has a wide range of teams that can help you with managing the challenges presented by coronavirus.

Our charity team has a particular expertise in risk management for charities and we offer some guidance on this on our dedicated page here.

If you have any queries about the guidance above, or there are any other issues we can help you with, please do get in touch with Ben Brice or Laura Sherratt.