Skip to main content
Due to maintenance, some parts of the ACEVO website won’t be available on Wednesday 27 March, from 7–9am.
For urgent requests please email

Protect your charity from fraud

By Paul Nicoll, head of the society team, which leads on lending to charities at Triodos Bank UK

Staying alert to fraud is an important part of protecting your charity’s finances, but spotting the signs of a scam can prove difficult. Criminals seeking to commit fraud often use sophisticated techniques that can be tricky to detect until it’s too late.

Fostering a culture of fraud awareness can go a long way to protecting your charity from scammers. This includes making sure that staff – and volunteers – are aware of the signs and are regularly reminded of what to do if they suspect the charity is being targeted.

Let’s look at a few examples of fraud techniques often used to target businesses and organisations including charities.

Bank impersonation fraud

Many charities make their bank details publicly available to make it as easy as possible for people to donate, but having access to a charity’s sort code allows criminals to work out which bank they’re with. This means they can contact the charity pretending to be a staff member or new relationship manager.

Those who receive a call or email like this may not realise a criminal has actually approached them as bank impersonation scams can be incredibly convincing. Fraudsters can spoof caller IDs (so it appears they’re calling from the bank’s genuine telephone number) and create emails that look almost identical to genuine messages sent by their bank.

Posing as bank staff, they’ll tell the customer their account is under threat from fraud and may use tactics such as asking them to pay into a ‘safe account’ or to set up payments in order to ‘block the funds’. Whatever action they may ask for, criminals will usually try to create a feeling of panic to get the victim to act as quickly as possible.

Direct debit fraud

Having their bank details publicly available also makes charities more vulnerable to direct debit fraud, where criminals use the account number and sort code to set up long-term contracts for services such as insurance or DVLA payments. Larger organisations with numerous direct debits may take a while to notice this, by which time several payments may have been taken.

It’s a good idea to review your direct debit mandates at least monthly and check they are all genuine.

Senior manager impersonation fraud

Another unfortunate trend we’ve seen recently is a rise in what’s described as ‘senior manager impersonation fraud’. It’s where criminals impersonate senior staff members in an organisation (such as the CEO or financial director of a charity) and ask employees to make payments to an account managed by the fraudster, for example.

Criminals will often target those working in the finance department, claiming to need an urgent payment for a supplier, service or product. But they may also target HR or payroll staff, pretending to be a colleague asking for their salary to be paid to a new account.

It’s not just payments in cash either. Criminals claiming to be team leaders may ask for employees to purchase gift cards to ‘reward’ team members, telling them that they can claim the money back. Fraudsters often ask for these as it seems like an innocent request, but gift cards can easily be sold for cash online.

Protecting your charity

To help protect your charity from such activity, it’s worth reminding employees, plus any volunteers who you think could potentially be targeted, of some simple measures that can help stop fraud in its tracks.

  • Consider removing publicly available bank details and arranging other ways for people to donate. For instance, payment platforms such as PayPal or debit card payments are often a safer alternative.
  • Don’t assume that a call or email is genuine just because the contact already knows a level of detail about your charity’s banking services. Such information may have been captured illegally.
  • If anyone is unexpectedly contacted about suspicious activity on your charity’s bank account, they should either end the call or delete the email without clicking on anything. The next step should be to contact the bank using a telephone number on its website.
  • Train staff and volunteers on these types of scam and remind them never to bypass any existing security measures under any circumstances. For example, they should never skip checks and balances just because a purported manager tells them so.

By supporting your teams to be alert to fraud, you can help make your charity less vulnerable to these attacks.

How to report fraud

The first step is to let your bank know. You should also report it to Action Fraud – the UK’s national fraud and cyber crime reporting centre. You can reach them by calling 0300 123 2040 or report it online at

For more useful tips and advice, visit:

Share this

Not an ACEVO member?

If you have any queries please email
or call 020 7014 4600.

This website uses cookies to improve your experience. Privacy & cookie policy

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.