The Charity Commission has issued an alert for charities about ‘mandate fraud’ (impersonation of staff)
The Commission has received reports from charities about fraudsters impersonating members of staff, specifically attempting to change employees’ bank details.
What to look out for
Requests to your HR department, finance department or staff with authority to update employees bank details, usually from a spoofed or similar email address to that of the subject being impersonated.
The fraudster often states that they have changed their bank details or opened a new bank account.
Protection and prevention advice
- review internal procedures regarding how employee details are amended and approved, especially those in relation to verifying validity
- if an email is unexpected or unusual do not click on the links or open the attachments
Email addresses can be spoofed to appear as though an email is from someone you know. Check email addresses and telephone numbers when changes are requested. If in doubt request clarification from an alternatively sourced email address or phone number.
Sensitive information you post publicly, or dispose of incorrectly, can be used by fraudsters to perpetrate fraud against you.The more information they have about your charity and employees, the more convincingly they can appear to be one of your legitimate employees.Always shred confidential documents before throwing them away.
Read more on the Charity Commission website : Alert for Charities – Fraudsters Impersonating Staff
Want to know more about preventing charity fraud? Read our blog: Top Tips to Prevent Charity Fraud