Phishing Scams: The emerging threat to charities

Phishing Scams

Phishing scams are as dangerous as any other malicious act performed by internet hackers and in recent years approaches have increased in sophistication to make them more successful.

This comes as more of the general public are educated on cyber security and are taking steps to lower the possibility of falling victim to an attack. This said, attackers are continuously introducing new methods to lower the guard of your average computer user.

What is a Phishing Attack?

Phishing is a method cyber criminals use to steal sensitive information by making the victim believe they are a trustworthy entity, usually over email, but can involve websites and social media accounts, or even mail through the post.

Attackers are able to fake their identity by using techniques like email spoofing and are able to register an email address that looks similar to one you would trust.

Effective phishing isn’t about being highly technical, but about being aware of the human condition and understanding how to lower someone’s guard merely through an email subject line. This is why we find a continued evolution in phishing methods and the methods employed to catch people off guard.

For phishers, it’s much simpler to find security holes in human behaviour than computers.

Charity Phishing

Phishing scams have recently started to leverage the emotional effect charities have on the public.

In the past, avid anglers would use scare tactics to retrieve sensitive information from unsuspecting victims, using approaches such as “your account will be deactivated if” to grab people’s attention – a form of cyber extortion we’ve since been desensitised to.

Televised disasters like the Grenfell Tower fire or the recent 2018 Florida school shooting are catalysts for cyber criminals, allowing them to tug at the heartstrings a little harder. These types of attacks have seen an increase in the past few months, but it isn’t a new approach.

The wider impact

With the speed at which news propagates through social media, along with the help of Twitter bots being used to interfere with trending hashtags, phishers are able to use these events to their advantage.

Fake donation emails and charity websites have started to become the norm for phishers, causing problems for more than just the victim. Donors are made to think they’re contributing to a legitimate cause, completely unaware that their donation is going into the pockets of fraudsters and not helping those in need.

In August 2017, Hurricane Harvey was also targeted by malicious individuals aiming to capitalise on the disaster. The US-CERT issued a warning to advise readers that Hurricane Harvey was being used in phishing campaigns. Fraudulent emails were sent requesting donations, while also carrying malicious attachments and links to malware-infected websites. This also happened back in 2008, with the Trend Micro reporting donation scams following the Chinese earthquake. Even more recently the Esterville Police Department warned of donation requests from scammers and subsequent phishing campaigns after the Florida school shooting in February last year.

Staying Protected

Protecting yourself is simple, but unfortunately so is falling victim. The key is to remain vigilant when reading an email, instant message or social media post about helping the less fortunate.

Phishing attacks can be anywhere, not just in your inbox. If you want to donate to an organisation, it is best to go directly to their website. Use websites like’s charity commission or, which allow you to research charities and relief organisations to give you peace of mind that you’re giving to legitimate charities that aren’t going to disappear once you’ve clicked “send donation”.

If you come across a charity that you suspect is trying to scam you, the best thing to do is report it to the Charity Commission and Action Fraud. They will investigate and take down the organisation if they are built on false promises.

It’s important that phishing attempts are reported, not just deleted. Working as a community can help to fix this problem and ensure donations are sent to legitimate charities and not phonies.


Beyond taking these steps to reduce the chances of phishing attacks, its vital to ensure that you are properly covered should phishing scams occur. Contact our expert team at ThirdSectorProtect to learn more about reducing your charities risk with insurance. 

For more information on handling fraud risks within your charity, read another of our blog posts:

For more tips and tricks on all things related to charities, not-for-profits and community groups,  follow us on FacebookTwitter & LinkedIn