News & Blog


Fraud is a growing risk for charities, so it is important for trustees to be able to spot a threat.

How often do you hear about fraud in the news? Sadly, in today’s world it happens too often and anyone with an internet connection or an email address is at risk. 

Because you are a charity, the fraudsters are perhaps more likely to target you as you may be considered more trusting or indeed polite than other members of society. 

If you work or volunteer for a charity, particularly in a financial position, then you are especially at risk. Remember, you are a steward for your charity’s funds and you could be potentially liable for any negligent losses.

Fraud can also affect your charity’s public reputation. You are duty bound to report a data breach to the ICO (The Information Commissioner’s Office). Your charity could be publicly named and shamed by the media. 

As an example, it is relatively easy for a charity treasurer to be exposed to fraud. Your charity email address may not be so hard for a criminal to decipher, it may simply be:

treasurer@your charity’s website domain

When you go through your email inbox, what scams or frauds might be waiting for you? And what can you do to be prepared?

1. Learn how to spot a phishing email

A phishing email is a fraudulent email which a criminal uses to try to get sensitive information from the recipient.

You may receive a message with a link to click on or an attachment to open. Before you click, just pause for a few seconds. Could it be a phishing email?

Here are some quick checks to carry out:

  • Have you received an email from this sender before? 
  • Would the familiar sender usually informally address you using your first name or does this look more official or impersonal? 
  • What about the language? Is the grammar correct? 
  • Is the email asking for something like a loan or a bill to be paid? 

If you click on the link, it could invite a fraudster into your computer and confidential information could be compromised. You can always pick up the phone as a means of verification. If you think it is suspicious or fraudulent, just delete it and/or report it to Action Fraud

2. Look out for fraudulent invoices

As a treasurer, you may have to pay contractors or suppliers who send invoices by email. Did you know that non-encrypted email is not 100% secure? What if the email with the original invoice is intercepted before reaching you? The bank details for the payment may have been changed. All it takes is for you to pay the fraudsters into their own bank account and the money is gone. 

Why not call the supplier to check the bank details before paying? Remember, the fraudster may have put their own telephone number on the false invoice so check the number (on the company’s website, for example) before calling.  

3. Be aware of investment scams

Have you seen an investment opportunity that looks too good to be true? It probably is. We hear so many stories of investment fraud victims. People can become seduced by investment scams promising high returns often described as free of risk. These great opportunities simply don’t exist. I would like to think that no regulated investment firm would ever make such unfounded claims. 

Visit the Financial Conduct Authority’s Scam Smart website and familiarise yourself with what’s out there at the moment.

4. Use strong passwords

Your password should not be ‘password’ or the name of your house or pet. If you see a post on Facebook asking readers to tell everyone the name of their favourite pet, it could be scammers trying to work out what your password is. 

Instead, use an obscure password with lots of $%”&!* coupled with numbers and words using both upper and lower cases. You can also explore using a random password generator website to pick one for you.

These are just a few examples to be aware of. 

When it comes to internet fraud, your compensation recourse remains very limited, especially if the criminals operate from another jurisdiction beyond the reach of the UK Police. 

Modern IT systems are designed to make everything more time efficient. However, technology unfortunately also makes it easier for the criminals to get their hands on your charity’s valuable financial resources.

Think twice when you receive that email and do check the stated bank details on that invoice before making any payments. Let’s all be careful out there.

For advice on these issues, please contact me or your usual Thomas Westcott advisor.

Thomas Westcott Chartered Financial Planners is a trading style of Thomas Westcott Financial Management Ltd which is registered in England and Wales, Company No. 4342122.  Thomas Westcott Financial Management Ltd is authorised and regulated by the Financial Conduct Authority. The Financial Conduct Authority does not regulate estate planning, wills, tax advice and/or cash flow modelling.  
Thomas Westcott Chartered Financial Planners T: 01752 666601 E: