The Charity Commission has issued an alert to charities, warning of the potential impact phishing scams can have on organisations.
Phishing is when fraudsters attempt to hoax users and get hold of sensitive information, such as usernames, passwords and credit card details. They do this through electronic communication like e-mail, pop-up messages, phone calls or text messages.
Every month, Action Month claims to receive around 8,000 reports of phishing, highlighting the scale of such scams among both individuals and organisations.
The Commission has noted that like any organisation, charities are at risk and trustees need to make sure they are vigilant to prevent fraud from causing any damage. The Commission has rounded up their top tips for helping you to keep your charity safe:
1. Make sure your charity software has up-to-date virus protection (although it won’t always prevent you from becoming infected)
2. Don’t click on links or open attachments you receive in unsolicited e-mails or SMS messages. Fraudsters can ‘spoof’ an e-mail address to make it look like it’s from a trusted source. If you’re unsure, check the e-mail header to identify the true source of communication.
3. Always install software updates as soon as they become available, they will often include fixes for critical security vulnerabilities.
4. If your current software does not offer an anti-spyware function, consider installing software which does, it can detect key loggers.
5. Make regular backups of your important files to an external hard drive, memory stick or online storage provider. But, it’s important that the device you back up to is not left connected to your computer, as a malware infection could spread to that too.
You can read detailed advice from government on improving cyber security here. You can also find out how to become accredited under the Cyber Essentials Scheme.
If you think your charity has been affected by a phishing scam, whether it was prevented or not, report it to Action Fraud through their website or call them on 0300 123 2040.
If your charity has fallen victim to a phishing scam and lost sensitive data or valuable funds, you need to report it to us as a serious incident.