Charity Fraud Awareness Week 2024
Charity Fraud Awareness Week (25 to 29 November 2024) is dedicated to combating fraud and cyber-crime by raising awareness and sharing good practice.
In our latest blog, James Walsh, Enquiries Manager at the Charity Commission for Northern Ireland, highlights the importance of charities working to protect themselves against a particular type of fraud, cyber-attacks.
Blog: Charity Fraud Awareness Week
Every charity and not-for-profit is vulnerable to fraud and cyber-crime. These risks are not unique to charities, but the nature of the relationship which charities have with the public makes the prevention and detection of fraud and cyber-crime particularly important.
Charities need every penny they have, and no one wants to think their well-meant donation has ended up in the hands of a fraudster. There are other consequences too, such as harm to the charity’s reputation and the hard-earned trust it has built up, loss of key staff and a reduced morale in the workplace, as well as the stress and anxiety these crimes cause to individuals’ well-being.
Fraud can manifest in various forms, including issues related to donations, legacies, payroll, fake beneficiaries, financial misreporting, bribery, and corruption. The latest annual Charity Fraud Report 2024, produced by BDO and Fraud Advisory Panel, found that 50% of fraud in charities were committed by individuals within the organisation and 29% by persons with no connection to the charity.
One area that appears to be increasingly significant is cyber-related fraud. More than half (56%) of the survey’s 139 respondents, cited cyber-related fraud and cyber-security as their biggest concern.
A common motivation for cyber attackers is financial gain, whether it be through direct theft of money or acquiring items that can be exchanged for cash, such as personal data, intellectual property rights (IPR), credentials, or bank and credit card information.
Ransomware serves as a prime example, where malicious software makes data or systems unusable until the victim makes a payment. Often, attackers threaten to leak the compromised data online, heightening the urgency for victims. And these threats are very real. In April 2023, hackers targeted a Derry/Londonderry-based IT company, stealing data from various charities and community organisations.
Phishing is another prevalent tactic, in which attackers trick individuals into revealing sensitive information. This can occur through scam emails or text messages containing links to malicious websites designed to harvest passwords or facilitate unauthorised money transfers. The risk escalates as criminals leverage compromised accounts to further target individuals, expanding the number of people affected. The NI Cyber Security Centre highlights phishing attacks as “one of the most common cyber threats facing organisations today.”
Understanding where a charity may be vulnerable to fraud and cyber-crime should be an integral part of any charity's risk management approach, with the charity’s trustees taking steps to keep the charity’s money, people and data as safe as possible (prevention measures).
If you are a charity trustee, one of the steps the Commission recommend you consider is the creation of an anti-fraud policy, setting out the charity’s responsibilities around the prevention, detection of, and response to fraud.
You can find information on the purpose and scope of an anti-fraud policy on the Charity Fraud Awareness Week website here: Creating an anti-fraud policy - Prevent Charity Fraud. This site offers a wealth of additional resources, including helpsheets, on-demand webinars, case studies, and templates.
The NI Cyber Security Centre website is also a valuable resource, providing information and guidance on various types of cyber-attacks and how organisations can enhance their cyber safety, security, and resilience.
The Commission has an essential role as well. You can report suspected fraud in a charity to us by using our confidential Concern about a charity form. Actual fraud is ultimately a matter for the police to investigate and should be reported to the Police Service of Northern Ireland (PSNI).
We hope you never find yourselves in such a situation, which is why we encourage all charity trustees to take measures to protect their organisation. Fraud and cyber-crime can affect any organisation, but awareness and preparation can reduce the risks.