A regulatory alert has been issued by the Commission, warning charities to protect themselves against “phishing” scams.
“Phishing” scams involve fraudsters seeking to obtain sensitive information such as passwords, usernames, bank details or other financial information through electronic communications (including emails, pop-ups or fake websites) that appear to come from trustworthy sources.
The alert states that Action Fraud, the UK’s national fraud and cyber crime reporting centre, receives approximately 8,000 reports of phishing each month, and sets out the steps that charity trustees should take to protect their charity from phishing attempts, including:
- Make sure the charity’s software has up-to-date virus protection
- Install software updates as soon as they become available
- Consider installing software offering an anti-spyware function
- Don’t open attachments or click on links in unsolicited emails
- Make regular back-ups of your important files to an external hard drive or similar.
It also signposts some other sources of information to help protect charities from online threats, including a link to the NCSC’s guidance “10 Steps to Cyber Security”.
If a charity is the victim of a phishing scam, it should report this to Action Fraud, and if the charity has lost valuable funds or sensitive data it will also be necessary to make a serious incident report to the Commission. For more information on making a serious incident report, see our previous post.
With Charity Fraud Awareness Week taking place from 23 – 27 October 2017, there are also plenty of resources available from the Fraud Advisory Panel for charity trustees wanting to know more about protecting their charities from online and other fraud.