Donate your fundraising efforts to fund a cyber criminals holiday or donate to charity?

Charities can only survive and help others with the generosity of those who support the charity through fundraising and donations. But those who donate to charities can unwittingly become a target for cyber criminals.


In a recent cyber attack, a lady who raised a six figure sum for her chosen charity was targeted by a hacker who found about about her fundraising efforts on social media.

The hacker managed to access her webmail address and started monitoring all the emails coming in and out of her account. The password was easy to guess, and she hadn’t turned on multi-factor authentication. That meant that when the time came to transfer the funds to go to the charity, the hacker simply intercepted the email, changed the bank account details and had the funds redirected to their own account.


Fortunately, the banks helped to recover most of the funds, but this case highlights how supporters of charities can be at risk and how charities can play a vital role in providing guidance to their supporters so they are aware and no what to look out for.

With over four-in-ten charities (45%) allowing people to donate to them online, charities need to ensure that their cyber resilience plans are as good as they can be and that they also help to educate their own donors in steps they can take to better protect themselves and the money they raise.

The SECRC have come up with some top tips which charities can share with their supporters to improve their cyber resilience.


Top Tips

  • Ensure you follow the 3 random word advice from the NCSC when it comes to creating and changing passwords.

  • Ensure two factor authentication is turned on

  • Call the charity to confirm account details (Sometimes the oldest methods are the best!)

  • Send a small amount first and then call the charity to see if it has arrived.

  • Check privacy settings on social media accounts to restrict who can see your profile.

The National Cyber Security Centre have created the Small Charity Guide which covers 5 topic areas that are easy to understand and are free or cost little to implement.

You can access the Small Charity Guide by clicking here or by clicking on the download below.

Head of Cyber Innovation for the SECRC Chris White said: “Charities often run on the trust and confidence of their supporters or the money they raise. Whilst it’s hard to believe that anyone would target a person who is trying to raise money for a good cause, sadly cyber criminals are ruthless and do not care about the victim.


Charities can help keep their supporters from falling victim by providing The right guidance and that’s where the SECRC can help.


“We understand that cyber security services can be expensive and charities need to watch every single penny they spend. The WMCRC can help by offering student services to focus on areas of cyber resilience as well as refer a charity to our Trusted Partners for Cyber Essentials certification.


"We are here to support all charities and in the region big or small, just get in touch with the team and we can help build a bespoke package of support."

Find out more via our membership page www.secrc.co.uk/membership

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the South East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South East is not responsible for the content of external internet sites that link to this site or which are linked from it.