The Charity Commission recently advised charities to be aware of fraudsters impersonating charity staff in order to change employee’s bank details. The recently reported cases have all occurred where a request has been made from an account that is spoofed and looks very similar to the employee’s account, requesting the organisation to update their bank details with new bank details.
Actions to safeguard your charity from fraud
- Review your procedure for how you amend employees’ details and clarify how and when validity for change of details is verified. For example, you may decide this must be a paper request signed by the employee, and your HR administrator/book-keeper to clarify with the employee before administering.
- If you receive emails from unknown accounts, do not click on links in the email, and let all your staff and volunteers know not to do the same.
- If you receive unusual requests in emails, check the email address – it might look similar to the employee’s email address, but it might be spoofed.
- Whenever you receive requests via email to change financial details or make payments, always check the email address and ensure your financial procedures have a process to check validity of requests.
- Dispose of sensitive personal information securely, for example, by shredding it before disposing of it.
If your charity has been affected by fraud
- Further information available here from the Charity Commission
- If you would like to update your financial procedures, contact firstname.lastname@example.org.
- Financial Procedures are also a key element of Safe and Sound, find out more here.