Identifying cyber fraud in the charity sector

27 November 2023 / Insight posted in Article

One of the most significant areas to focus on during Charity Fraud Awareness Week, is cybercrime. The risks to all charities are increasing in terms of impact, significance, cost and repercussions. The nature of the sector model and its reliance on financial donations (often processed by a third party), means that all organisations need to be aware of (and guard against) the cyber threat.

Cyber attacks can often be difficult to detect. When relying on third parties acting on your behalf, there is no guarantee that they will either be aware of an attack or are quick enough to let the charity know that a cyber incident has taken place.

Latest data on cyber fraud in the
charity sector

The National Cyber Security Centre published results from their 2022 Cyber Security Breaches Survey that exposed startling trends in the charity sector:

  • 26% of charities estimate they are attacked at least once a week
  • 19% have experienced a negative outcome as a direct consequence of a cyber attack
  • 38% have experienced at least one negative impact
  • 44% allow people to donate to them online
  • 42% have beneficiaries that can access services online

Cyber attacks charities should be
aware of

There are several common attack techniques that charities should mitigate against wherever possible.


A technique where cyber criminals will send scam emails, text messages or phone calls to trick their victims. Their aim is often to make you visit a website, which may download a virus on to your computer, or steal bank details or other personal information.

Business email compromise

Business email compromise (BEC) is a type of cybercrime where the scammer uses email to trick someone into sending money or divulging confidential company information.

BEC scams are on the rise due to increased remote and hybrid work patterns.

Fake organisations and websites

On the rise, criminals are exploiting the credibility of many well-known charities by tricking genuine donors into giving money to what appears to be a legitimate charity.

They are also setting up fake charities or impersonating well-known charity names, to add credibility to their phishing campaigns.


Ransomware is a type of malicious software (malware) that locks a charities data or devices and threatens to keep them locked unless the victim pays a ransom to the attacker – accounted for approximately 20% of all cyber attacks in 2022.

Ricky O’Connell, Director in our Forensic Accounting team, emphasises the importance of fraud awareness:

“Fraud is by far the most common crime in England and Wales, accounting for over 40% of all offences (Fraud strategy: stopping scams and protecting the public), and cyber fraud accounted for 61% of all fraud in 2022 (Nature of fraud and computer misuse in England and Wales). It has never been more important to protect your business from cyber threats.”

How we can help

Protecting yourself from any type of cyber threat is crucial in today’s digital age. As attacks become more sophisticated and more often, staying vigilant is essential to reducing the risk of an attack.

Our cyber security and data privacy consultancy, Moore ClearComm, can support your organisation to improve its cyber defences and reduce the likelihood and impact of a successful attack. Contact them directly at

Get in touch

How did you hear about us?