Alert for charities – fraudsters impersonating staff
This alert provides information and advice to charities about mandate fraud (impersonation of staff).
We have received several reports from charities who have been targeted by fraudsters impersonating members of staff, specifically attempting to change employees bank details. In all these cases the request was made through an email.
What to look out for
Requests to your HR department, finance department or staff with authority to update employees bank details, usually from a spoofed or similar email address to that of the subject being impersonated.
With a strong social engineering element, the fraudster often states that they have changed their bank details or opened a new bank account.
Protection and prevention advice
- review internal procedures regarding how employee details are amended and approved, especially those in relation to verifying validity
- if an email is unexpected or unusual do not click on the links or open the attachments
Email addresses can be spoofed to appear as though an email is from someone you know. Check email addresses and telephone numbers when changes are requested. If in doubt request clarification from an alternatively sourced email address or phone number.
Sensitive information you post publicly, or dispose of incorrectly, can be used by fraudsters to perpetrate fraud against you. The more information they have about your charity and employees, the more convincingly they can appear to be one of your legitimate employees. Always shred confidential documents before throwing them away.
We issued an alert in May 2019 that provides information and advice to charity trustees about cyber crime and how to report it.
If your charity has fallen victim to this type of fraud, or any other type of fraud, you should report it to Action Fraud.
Charities affected by fraud should also report it to us as a serious incident.
Serious incident reporting helps us to assess the volume and impact of incidents within charities, and to understand the risks facing the sector as a whole. Where appropriate, the Charity Commission can also provide timely advice and guidance.
The Charity Commission, the independent regulator of charities in England and Wales, is issuing this alert to charities as regulatory advice under section 15(2) of the Charities Act 2011.
Latest News from
Regulator urges donors to support registered charities to help those affected by Covid-19 around the world29/07/2020 12:20:00
The Disasters Emergency Committee Coronavirus Appeal brings together 14 UK registered charities.
Charity Commission Annual Public Meeting28/07/2020 09:20:00
Charity Commission Chair, Baroness Stowell, CEO and other directors invite you to the Annual Public Meeting on Thursday 1st October 2020 at 11am.
Convenors of SORP engagement discussions announced09/07/2020 09:20:00
SORP engagement process begins as convenors are appointed to take forward discussions on the next SORP.
Charity Commission launches statutory inquiry over concerns at Devon homelessness charity07/07/2020 09:20:00
Regulator escalates probe into management and administration of Humanity Torbay.
Charities receive over £32 million from dormant trusts03/07/2020 15:10:00
Charity Commission and UK Community Foundations call for more charities to join programme to release charity money, as future funding announced by DCMS
Charity Commission concludes inquiry prompted by dispute at South London charity03/07/2020 09:20:00
Charity Commission criticises a group of trustees of Wimbledon and Putney Commons Conservators over long-running dispute.
Christ Church Oxford - mediation required by charity regulator29/06/2020 15:20:00
The Charity Commission has told both sides in the dispute to enter talks.
RNIB failures led to some children in the charity’s care being harmed, says watchdog26/06/2020 09:20:00
Charity Commission investigation finds serious mismanagement at the charity exposed some children in the charity’s care to harm and others to undue risk.