Criminals are increasingly targeting charities in more and more sophisticated frauds. Charities are often targeted as they tend to have smaller finance teams, with fewer people taking on multiple duties and in some cases use volunteers to complete key roles such as treasurers.
Two of the most common fraudulent scams currently are:
• Phishing scams. Emails purporting to be from senior members of the organisation, suppliers or financial institutions asking for sums of money to be transferred immediately, asking for information relating to the charity’s bank account or asking for information to be changed/uploaded via links to a website. The criminals in some cases have been monitoring the charity’s emails for some time and therefore they may reference information that is not publicly available, such as settlement agreements for staff, specifics in relation to capital projects etc.
• Vishing scams. Telephone calls from criminals pretending to be from your bank and then obtaining vital account information. The Highland Hospice has recently been defrauded of £500,000 by such a scam which left numerous Highland organisations out of pocket by £2.5m in just 11 days.
Things to look out for:
• Emails/calls from your bank asking for you to provide account information or change account information.
• Emails from senior members of the charity’s executive team asking for sums of money to be transferred immediately to a new supplier or current supplier but with different bank details.
• Any emails/letters with poor grammar or spelling mistakes purporting to be from a supplier or bank.
• Emails with links to websites asking you to provide account information.
What can be done to reduce the risks?
If you receive an email notification (or a letter) from a supplier mentioning a change of bank details, make sure you call someone at the supplier that you know to check the details. Don’t reply to the email or call any numbers listed on the email or letter, you could be communicating with a fraudster!
Don’t ignore controls that are in place, no matter who is asking you to. Financial controls are there for a reason and should be followed, if you receive an email from a senior member of the executive team, call them to check the instructions and then follow the controls in place once confirmed. A quick 2 minute phone call could save your charity thousands!
See if your online banking can provide a report which lists bank accounts which have been changed. This will allow you to check which accounts have been changed before supplier runs are processed.
Keep your staff up to date with training in relation to fraud. The Charity Commission has published a great guide to internal controls and a handy checklist to ensure your charity’s controls are as robust as possible:
Make sure your IT systems are up to date and covered by adequate anti-virus software. Consider whether an IT review would be of benefit to the charity to identify any potential weaknesses in the systems.