Charities are at risk of under-estimating online fraud, it’s claimed, during Charity Fraud Awareness Week.
Amie McWilliam-Reynolds, Assistant Director Intelligence and Tasking, from the UK regulator the Charity Commission said: “Online financial transactions, and online working generally, present a great opportunity for charities – whether in engaging supporters, raising funds, and streamlining their operations. This was demonstrated in particular during the pandemic, when the longer-term move away from cash to online fundraising accelerated. But online financial transactions and the collection and storage of personal data also harbour risk, and we are concerned that some charities may be underestimating that risk, and are therefore exposing their charity to potential fraud.
“We hope that projects like Charity Fraud Awareness Week help raise awareness among trustees and charity staff of the risks they may face, and of the advice and guidance available to support them in protecting their charity from fraud.
“Preventing and tackling fraud is not a ‘nice to have’. It is vital that every penny given to charity makes a positive difference, especially during these straitened times, when donors, charities, and those they support face mounting financial pressures.”
A survey for the Commission confirmed an under-reporting of incidents when they do occur. Only a third (34pc) of affected charities do report breaches. It’s important that charities get in touch, the Commission says, where there has been a serious incident, even where there may be no regulatory role for the Commission; as this helps the regulator to identify patterns in frauds.
Half of charities (51pc) held electronic records on their customers, while 37pc enabled people to donate online. As the Commission says, a greater digital footprint increases a charity’s vulnerability. The most common types of cyber attacks were phishing and impersonation (where others impersonate the organisation in emails or online). Around one in eight charities (12pc) admitted that they had experienced cybercrime in the previous 12 months; while a quarter, 24pc said that they have a formal policy in place to manage the risk.
For more about Charity Fraud Awareness Week, visit https://preventcharityfraud.org.uk/. For various training events visit https://preventcharityfraud.org.uk/events/.
Comment
Deryck Mitchelson, Field CISO at cybersecurity company Check Point Software, said: “Charities are often unprepared for the devastating consequences that cyber fraud brings such as loss of revenue, loss of reputation, loss of productivity and the unplanned costs of recovering from a breach. Attacks on charities are rarely targeted, rather they get caught up in mass phishing attacks that contain dangerous website links or an attempt to solicit sensitive information. There is a false narrative that cybercriminals will not attack charities on the principles of ethics, but unfortunately hackers view their targets as a business, and the business of cybercrime is ruthless.”
