Alert issued to charities following increase in mandate fraud

The Charity Commission has issued an alert and advice to charities about mandate fraud, following the receipt of several reports from targeted charities.

As a result, it has asked charities to be careful with requests made to the HR department, finance department or staff with authority to update employees bank details, usually from a spoofed or similar email address to that of the subject being impersonated.

“With a strong social engineering element, the fraudster often states that they have changed their bank details or opened a new bank account,” the Commission warned.

It has advised charities to review internal procedures regarding how employee details are amended and approved, especially those in relation to verifying validity.

“Email addresses can be spoofed to appear as though an email is from someone you know.

“Check email addresses and telephone numbers when changes are requested. If in doubt request clarification from an alternatively sourced email address or phone number.”

The Commission has also cautioned that sensitive information posted publicly, or disposed of incorrectly, can be used by fraudsters to perpetrate fraud. 

“The more information they have about your charity and employees, the more convincingly they can appear to be one of your legitimate employees.”

If your charity has fallen victim to this type of fraud, or any other type of fraud, you should report it to Action Fraud.