Coronavirus (COVID-19): increased risk of fraud and cybercrime against charities
Fraudsters are exploiting the spread of coronavirus (COVID-19) in order to carry out fraud and cyber-crime. Police have reported an increase in Coronavirus related scams.
The SCC are issuing this alert to help charities minimise the risk of becoming a victim of such frauds and cyber-attacks. All charities, but especially those providing services and supporting local communities during the Coronavirus crisis, could be targeted by fraudsters.
There are a number of ways in which charities can be defrauded. Some scams involve the sale of vital personal protective equipment (PPE), such as face masks and gloves, online. Carry out due diligence if you’re making a purchase on behalf of your charity from a company or person you do not know. Discuss with fellow trustees, colleagues or volunteers if you’re unsure. Action Fraud guidance about shopping safely online.
Mandate or Chief Executive Officer frauds
Always be cautious if you are asked to make changes to bank details or make payments to a new account. Wherever possible, follow your charity’s validation procedures and check the authenticity of such messages before making any payments or actioning banking changes.
Example of this type of fraud
A charity employee working from home receives an email purporting to be from a legitimate company providing services for the charity. The email asks that future payments be made to an alternative bank account, which is controlled by the fraudster.
Scam emails (‘phishing’)
Be vigilant. Do not click on links or attachments in unexpected or suspicious emails. Never respond to unsolicited messages or phone calls that ask for your personal or financial details.The police have already noted an increase in phishing attacks.
Example of this type of fraud
Fraudsters claim to be from a legitimate organisation and able to provide information that could be of assistance to local charities, such as a list of at risk elderly people in a local community who may require support from the charity. The victim has to click on a link to get the information. This leads to a fake website or asks the victim to make a cryptocurrency (such as Bitcoin) payment.
Unsolicited offers of goods, services or financial support (advanced fee fraud)
Always question unsolicited offers of goods or other financial support where an advanced fee payment is required. Just because someone knows your name and contact details, it does not mean they are genuine. Don’t be rushed or pressured into making a decision that could harm your charity or your beneficiaries.
Protect your devices
Always install the latest software and app updates to protect your devices from the latest threats.
Consider if you need to take any extra steps if you have staff working at home.
Ensure that you keep people safe by protecting the personal data of staff and beneficiaries when using, or switching to, digital communications and delivery platforms.
Reporting fraud and cybercrime
If your charity is a victim of fraud or cybercrime, aim to report it promptly to:
Read the Commission’s guidance for more information and advice about how to protect your charity from fraud and cybercrime.