The Charity Commission has warned charities to review their policies on how employee details are amended after several voluntary sector organisations reportedly fell foul of fraudsters.
In an alert issued today, the regulator said it had received four reports from charities that had fallen victim to fraudsters impersonating members of staff in order to change the bank details the charity had for them. All four suffered a financial loss.
The alert said fraudsters had been using spoof email addresses or ones that were similar to genuine addresses in order to make the requests.
Fraudsters often state they have changed their bank details or opened new accounts, the commission warned.
The alert advised charities to review their procedures for amending and approving employee details, particularly in relation to verifying if such requests are genuine.
It said charities should always ensure they shred confidential documents before throwing them away and warned that fraudsters can use sensitive information that has been posted publicly on the internet to attempt to carry out a fraud.
“Email addresses can be spoofed to appear as though an email is from someone you know,” the alert said.
“Check email addresses and telephone numbers when changes are requested. If in doubt, request clarification from an alternatively sourced email address or phone number.”
Alan Bryce, head of development, counter fraud and cyber crime at the commission, said: “We know several charities have been targeted by this fraud and we want to ensure others are equipped to protect themselves.
“So our message to charities is clear: read and understand our guidance on fraud, and check who’s sending an email whenever you receive a message about changes to staff bank details.”
Any charities that have fallen foul of such fraud should report it to the police through Action Fraud and to the commission as a serious incident.