What is Charity Fraud?
Charity fraud ranges from fraudulent bucket collections in the street, to the creation of fake charities for financial gain. Often, individuals or groups present false information, claiming to be a legitimate charity or associated with one. They then ask potential donors for financial contributions to the illegitimate organisation. Charity fraud also relates to deceptive business practice, like accepting donations without using the funds for the perceived purpose or asking for funds under false pretences.
Meanwhile charity cyber fraud encompasses deceptive tactics within digital realms, targeting charitable organisations. It involves methods like phishing, where fake emails deceive staff into sharing sensitive data or credentials. Ransomware attacks lock critical data, demanding payment for its release, disrupting vital operations. Fraudsters create fake charity websites, tricking donors into providing funds or details. Social engineering manipulates trust to extract confidential data. Breaching a charity's digital systems can lead to data theft, risking donor information.
According to Action Fraud, more than £2.7 million has been diverted from charities between November 2022 and October 2023, with 501 instances of charity fraud reported over the same time period.
Looking at the combined UK charity gross income compared to their expenditure, in 2011 the gross income was at £48.9 billion and expenditure was £47.4 billion. Comparing this with the 2020 figures, income was at £60.5 billion and expenditure was £58.7 billion, showing that although more donations were received by charities across the UK, the cost of keeping their services has also gone up, so more is being spent. Unfortunately the total income in 2021 fell to £56.9 billion with expenditure at £53.8, likely due to being the first full year in the pandemic so less donations were received and less services were being provided nationally.
The cost of living crisis currently means 24% of charities are preparing to reduce the volume and variety of services they offer this upcoming winter, meaning many people could lose out on vital services they depend on charities to provide. It is now more important than ever that you continue to donate to charities where you can, but be aware of fraudulent collections.
In today's tech-centric charity landscape, protecting against cyber threats like phishing is crucial. Whilst it may seem incomprehensible that criminals would attack charities, but that doesn't stop them.
Charities are often focused on their core mission, helping others, and this can lead to gaps in staffing and technology and funds are focused on delivering the charities goals.
Here are key steps for charities to safeguard themselves:
Training and Awareness: Educate staff and volunteers to spot phishing attempts through workshops and simulated exercises.
Strong Security Measures: Implement robust protocols like two-factor authentication, regular updates, and firewalls.
Caution in Communication: Encourage verifying unusual requests before sharing sensitive information, promoting a vigilant approach to communication.
Regular Audits: Conduct routine assessments to identify and fix vulnerabilities promptly.
Response Planning: Create a clear incident response plan to minimise damage and restore operations post-attack.
Expert Collaboration: Partner with cybersecurity experts to tailor strategies to the charity's needs.
Data Protection: Prioritise securing donor and beneficiary data using encrypted databases and limiting access.
Stay Informed and Adaptive: Stay updated on evolving cyber threats and adjust security measures accordingly.
Promote Security Culture: Encourage a culture where cybersecurity is everyone's responsibility and reward proactive behaviours.
Continuous Improvement: Regularly review and adapt strategies to stay ahead of emerging threats.
Giving Safely to Avoid Charity Fraud
There are many ways to donate to charities, whether that be online or in the high street. Luckily, there are also many ways to make sure the money you are donating is going to the right place:
On the High Street
- Ask to see their collection license: Almost all cash collections in public places require the collectors to hold a license, proving they are allowed to collect money on behalf of their organisation. More information about obtaining a collection license can be found here.
- Ask to see the collector’s ID badge: Most collectors from legitimate charities will be wearing their charity ID badge, identifying them and their position within the company. You should also be able to ask the fundraisers questions, with them being knowledgeable about the charity and the work they do.
- Check that the collection buckets are sealed: All collection buckets are legally required to be sealed. It is also good practice for the buckets to show the charities name and number. Any collections using tubs or buckets that are not sealed are likely fraudulent.
- If you need to set up a direct debit, provide only the bare minimum: Setting up a direct debit only required to give your account number and branch sort-code. Do not provide more information than necessary.
- Make cheques payable only to the charity intended: cheques should only be made out the registered charity bank account, and never to an individual. If someone asks you make a cheque out to a specific person, they are likely trying to make money by pretending to collect on behalf of a charity.
- Only donate through the charity’s own website: Always type in the charity web address into your browser yourself. Fraudsters may create fake websites and donation pages to make their scam seem legitimate, so do not use links provided in emails or those you have not searched yourself.
- At the ‘donate’ stage, check the page is secure: Addresses for donation pages should begin with “https” and show a padlock symbol next to them or in the bottom right-hand corner of your browser. If these are not shown, do not add any of your credentials.
- Watch out for emails asking you to donate: Sometimes charities do send out legitimate emails to make people aware of their current fundraising efforts, but they can only do this if you have signed up to their email list previously. If you have not heard of the charity, or have never dealt with them before, report the email by forwarding it to us at SERS@ocsia.im and mark the email as junk.
- Support individual fundraisers through known websites: If you wish to donate to someone raising money for a charity, do so through known fundraising websites. Fraudsters may still set up fake fundraising accounts through these websites, so only donate to people you know directly and trust.
As part of charity fraud awareness week, we are working alongside Riela Cyber and Computer Network Defence (CND) to offer charities a free cyber security consultation and staff awareness training events. More details can be found here.