10 Jan 2020
The Charity Commission has issued an alert for charities about ‘mandate fraud’ (impersonation of staff)
The Commission has received reports from charities about
fraudsters impersonating members of staff, specifically attempting
to change employees' bank details.
What to look out for
Requests to your HR department, finance department or staff with
authority to update employees bank details, usually from a spoofed
or similar email address to that of the subject being
The fraudster often states that they have changed their bank
details or opened a new bank account.
Protection and prevention advice
- review internal procedures regarding how employee details are
amended and approved, especially those in relation to verifying
- if an email is unexpected or unusual do not click on the links
or open the attachments
Email addresses can be spoofed to appear as though an email is
from someone you know. Check email addresses and telephone numbers
when changes are requested. If in doubt request clarification from
an alternatively sourced email address or phone number.
Sensitive information you post publicly, or dispose of
incorrectly, can be used by fraudsters to perpetrate fraud against
you.The more information they have about your charity and
employees, the more convincingly they can appear to be one of your
legitimate employees.Always shred confidential documents before
throwing them away.
Read more on the Charity Commission website
: Alert for Charities - Fraudsters Impersonating Staff
Want to know more about preventing charity fraud? Read our blog:
Top Tips to Prevent Charity Fraud