The dangers of phishing for charities

22 March 2023 - Paul Goddard

Phishing attacks are as dangerous as any other malicious act performed by internet hackers and are becoming increasingly sophisticated.

Here’s our guide to what to be aware of.

As more of the general public are becoming educated on cyber security and taking steps to reduce the chance of falling victim to an attack, said attackers are introducing new methods to lower people’s guards.

Go Phish! 

A staggering one in five people fall victim to scams every year and nearly 50% of adults have been targeted by a scam. Phishing is a method cyber criminals use to steal sensitive information by making the victim believe they are a trustworthy entity. It’s usually over email, but can involve websites and social media accounts, or even old-fashioned post through your letterbox. Attackers are able to fake their identity by using techniques such as email spoofing and can register an email address that looks very similar to one you would trust.

Effective phishing isn’t about being highly technical, but about being aware of the human condition and understanding how to lower someone’s guard merely through an email subject line. This is why there is a continuous evolution in phishing methods employed to catch people off guard.

In the past, criminals woud use scare tactics to retrieve sensitive information from unsuspecting victims, using approaches such as “your account will be deactivated if…” to grab people’s attention – a form of cyber extortion to which we’ve since been desensitised. Consequently, phishing campaigns have recently started to leverage the emotional effect charities have on the public. Figures from Action Fraud, the national reporting centre for fraud and cyber crime, show that from January to November 2022 almost £2.3 million was lost to charity fraud, money that charities desperately need.

Beware of the fakers

Televised disasters like the Grenfell Tower fire or school shooting incidents in the USA have been catalysts for cyber criminals, allowing them to tug at the heartstrings. With the speed at which news – real or fake – propagates through social media, along with the help of Twitter bots being used to interfere with trending hashtags, phishers were able to use these tragic events to their advantage.

The COVID pandemic was, unsurprisingly, an opportunity for cyber criminals to target new victims, with scam emails purporting to be from HM Government, asking for donations to the NHS as part of a “nationwide appeal in efforts against coronavirus”. The Charity Commission has also warned that the pandemic has created environments that are enabling charity fraud.

Fake donation emails and charity websites have started to become the norm for phishers, causing problems for more than just the victim. Donors are made to think they’re contributing to a legitimate cause, completely unaware that their donation is going into the pocket of fraudsters, not towards helping those in need.

Protect yourself and your donors

The best way to protect yourself and those who you interact with is to remain vigilant when reading an email, text message or a social media post about your charity. Make sure you have up-to-date virus protection software, don’t click on any links or open attachments if you don’t know where they have come from, and make regular data backups.

The message to donors is that if they want to donate it’s best to go directly to the charity’s website rather than through third parties. You can direct them to websites like’s Charity Commission or, which allows people to research charities and not for profit organisations, providing peace of mind that they are legitimate charities that aren’t going to disappear once they have clicked ‘send donation’.

If you come across what you think is a fake charity that is trying to scam you, the best thing to do is report it. For the charities who suspect they may have fallen victim to cyber fraud, Harvey Grenville, Head of Investigations and Enforcement at the Charity Commission, advises that they “report it immediately to Action Fraud and to the Commission. You can visit for advice and top tips on how to protect your charity against cyber-fraud.”

It’s important that phishing attempts are reported, not just deleted. Working as a community will help to fix this problem and ensure everyone’s donations are sent to legitimate charities instead of scammers.

Our charity and not for profit team is made up of experienced professionals who have been handpicked from within our business for their expertise in their specialist fields. We understand how important it is for charities to get it right, particularly as the sector remains vulnerable to so many risks.

From supporting trustees as they deal with regulatory requirements, to providing assurances that your organisation is operating as it should be, through an Internal Audit, we have advisory teams who can help you to manage and mitigate these risks, leaving you free to get on with helping the causes your charity was set up to assist.

Related news

Get in touch for forward-thinking, impartial advice

With offices in Bury St Edmunds, Colchester and Ipswich, we’re close enough for personal meetings with clients from anywhere across the East of England. Got something on your mind? We’ll be happy to listen and give you our thoughts.

Call us on 0330 058 6559
Email us at

Get in touch