How to Prevent Phishing Scams in Your Charity

Simple steps to help protect your charity from phishing attacks.

Phishing scams have become a significant threat to charities, especially as cybercriminals increasingly target organizations with limited cybersecurity infrastructure. Phishing involves fraudsters sending deceptive emails, often pretending to be legitimate entities, to trick recipients into revealing sensitive information or transferring funds to fake accounts. Here’s how your charity can protect itself from these scams:

1. Educate Your Team

Ensure that all staff and volunteers, not just those in finance, are aware of phishing risks. Provide regular training on how to identify suspicious emails and the importance of not clicking on unsolicited links or attachments. Encourage them to question any unusual requests, especially those asking for urgent payments.

2. Verify Requests

Phishing scams often come disguised as requests from high-ranking officials, such as the CEO or a board member, pressing for immediate payments. Always verify such requests through a second communication method, like calling the person or using a known contact number, to ensure the legitimacy of the request.

3. Check Email Authenticity

Be cautious with emails containing generic greetings, poor grammar, or requests to visit external websites to “verify” personal or financial information. Always ensure emails come from trusted sources, and avoid clicking on suspicious links.

4. Secure Your Systems

Ensure that your charity’s computer systems are protected by up-to-date antivirus software, firewalls, and other security measures. Apply software updates regularly to patch vulnerabilities that hackers could exploit.

5. Double-Check Financial Transactions

Before authorizing any payments or changes to financial details, verify that all payee details, including account numbers and sort codes, are accurate. Even small inconsistencies can be a sign of fraud.

6. Limit Publicly Available Information

Be mindful of what personal or organizational information is publicly accessible. Scammers often gather details from websites and social media to craft convincing phishing messages.

7. Report Suspicious Activity

If you suspect a phishing attempt or have already shared sensitive information, report the incident to your IT department or an external cybersecurity service immediately. Reporting these attempts can help prevent further damage and protect your charity from future threats.

By taking these steps, your charity can significantly reduce the risk of falling victim to phishing scams, protecting both your data and your reputation. Regular training and vigilance are key to staying secure in an increasingly digital world.