Protecting your charity from fraud and cyber attacks during the pandemic

Article date
28 April 2020
Primary interest
Voluntary sector

Most of us are now spending a significant amount of time online, both for work purposes and to connect with family and friends. Unfortunately this has also led to more unsolicited online contact, fraud and cyber attacks against individuals and charities.

What can you do to protect your organisation, service users and yourselves online?

The government has issued this advice on how to protect yourself and your business from fraud and cyber crime.

This outlines a three stage approach of: Stop, Challenge and Protect, which essentially suggests a cautionary approach to unsolicited correspondence or online contact. It explains how to identify genuine emails and where individuals and organisations can go for help and report any incidents.

The Charity Commission also issued an alert to charities specifically, following reports of increased risk of fraud and cyber attacks on charities. The Charity Commission warned that all charities, especially those providing services and supporting local communities during the coronavirus crisis, could be targeted by fraudsters.

Fraud has included:
  • Purchasing PPE equipment and the goods not arriving once the financial transaction has been completed. 
  • A charity employee working from home receives an email purporting to be from a legitimate company providing services for the charity. The email asks that future payments be made to an alternative bank account, which is controlled by the fraudster.
Top tips to stay cyber safe
  • Review any existing security and signing/authorising procedures, and enhance these as needed. If you would like help with reviewing financial procedures, please contact
  • Staff, trustees and volunteers to take a cautionary approach as described in the three step process above: Stop, Challenge, Protect.
  • Never click on links in unsolicited emails or reply to the email if you are concerned it is not genuine.
  • If in doubt, individual staff, volunteers and trustees should always check directly with individuals in their organisations through usual telephone or email addresses.
  • Read previous good practice guidance here from the Charity Commission on how to spot and protect against cyber crime.