How to protect your charity from cybercrime

As a result of the pandemic, the last few years have seen charities rely more heavily on digital operations, including fundraising.

While digital fundraising is a quick, easy and effective way of soliciting donations, it brings with it an increased risk of cybercrime.

The evidence

Recent research from the Charity Commission found that one in eight charities experienced a cyber-attack in 2022. This is a 38% increase on the previous year. The survey also highlighted a lack of awareness among charities of the risks they face, with just over 24% having a formal policy in place to manage them.

Cyber-attacks that affect a charity's services or funds, or compromise donors' sensitive data, can be devastating financially and reputationally, so it’s crucial that charities protect themselves.

Types of cyber fraud

Phishing

Phishing is where cyber criminals, also known as hackers, use fake emails or text messages to trick users into sharing personal information such as bank details. Phishing attacks are often part of an impersonation scam, i.e. criminals pretend to be real businesses to tempt people into sending money.

If you or one of your staff click on a link in a phishing message, it will take you to a fake website. Viruses can then be downloaded onto your computer or mobile phone. A virus is malicious computer code that can corrupt systems, destroy data, or steal passwords.

Once your computer is infected, criminals can steal money from your charity. They can also access information such as donor email addresses and phone numbers.

How to spot phishing messages

  • Check the sender details in the message as it could be a spoof email pretending to be from a genuine person. Look for spelling alterations in the name, email address or website domain name

  • Check for grammar and spelling errors. They can indicate it’s not from a legitimate organisation

  • If the message includes a link, hover over it, but don't click, so you can see the preview of the site it’s sending you to

  • If it looks too good to be true, it probably is. Hackers will try to hook you in with irresistible offers

This article from IT Governance provides some handy tips and advice on what to look out for, along with some real-life examples.
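The sender and link checks in the list above can also be run automatically over mail you need to review in bulk. The Python code below is an added example, not part of the original article; the domain names, the sample message and the 0.85 similarity threshold are constructed assumptions.

```python
import difflib
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed names: domains the charity genuinely uses, and a sample message.
KNOWN_DOMAINS = {"examplecharity.org.uk", "examplebank.co.uk"}
SAMPLE_FROM = "Finance <accounts@examp1echarity.org.uk>"
SAMPLE_BODY = '<a href="http://examplebank.co.uk.example.net/">www.examplebank.co.uk</a>'

def host_of(value):
    """Hostname of a URL or bare domain, lowercased, without 'www.'."""
    parsed = urlparse(value if "//" in value else "//" + value)
    return (parsed.hostname or "").lower().removeprefix("www.")

def lookalike_of(domain, known=KNOWN_DOMAINS, threshold=0.85):
    """Return the known domain that `domain` imitates (never an exact match)."""
    close = difflib.get_close_matches(domain, sorted(known), n=1, cutoff=threshold)
    return close[0] if close and domain not in known else None

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_message(from_header, html_body):
    """Return warnings for the sender and link checks in the list above."""
    warnings = []
    sender = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if (imitated := lookalike_of(sender)):
        warnings.append(f"sender domain {sender} resembles {imitated}")
    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        shown, real = host_of(text), host_of(href)
        if "." in shown and " " not in shown and shown != real:
            warnings.append(f"link shows {shown} but goes to {real}")
    return warnings
```

A warning is a prompt to look more closely rather than proof of fraud; a genuine subdomain of a known domain can also score above the threshold.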

Malware

Malware is malicious software that can destroy, damage, or exploit computer systems. There are various types of malware including:

Viruses

A virus is malicious software that attaches itself to a computer attachment or file. It stays dormant until the attachment/file is opened. It can then spread throughout your computer system causing damage and data loss.

Viruses can be spread by scam email and text message attachments, and internet and app downloads.

Signs that your computer has been infected by a virus

  • Your PC runs slowly and programs take a long time to open

  • It regularly freezes or programs crash

  • You get unexpected pop-up windows that encourage you to visit unusual websites

  • Unknown programs start when you switch on your computer

Ransomware

Cyber criminals use ransomware to lock a device or steal information. They then demand a ransom to restore access or return the information. Payment is usually demanded via a cryptocurrency such as Bitcoin.

Ransomware can spread in various ways. Methods include clicking on malicious links in an email or using an infected USB flash drive.

A famous example of ransomware is the 2017 WannaCry attack. It targeted computers running the Microsoft Windows operating system. Users were told to pay Bitcoin to get access to their computer systems, and the attack effectively shut down operations for many organisations.

Signs of ransomware

  • You receive suspicious emails that show signs of criminal activity (see the phishing section above for more information)

  • New file extensions are added to the end of your file names

  • Your computer is locked with a message demanding a ransom

The Government’s Cyber Essentials website has useful tips for defending against an attack, including securing your online connection with a firewall, ensuring devices have secure settings, and using strong passwords, two-factor authentication, and encryption.

Educate yourself

One of the most effective ways of looking after your cyber security is to educate yourself and your team about the different tactics of cyber criminals.  

There’s lots of information, advice and free cyber security training on the National Cyber Security Centre website. There’s more advice and recommendations in the NCSC’s Cyber Threat Report for the charity sector.  

Looking for a savvy fundraiser who can sniff out a scam? We’ve got you covered. Give us a call on 020 3750 3111 or email us at info@bamboofundraising.co.uk to get the ball rolling.
