Cyber scams and how to reduce risks

You may be aware of cyber scams that have been making the rounds in the creative and non-profit sectors. Now could be the time to test your systems to reduce the risk that your organisation becomes their latest victim. Here are some tips.

An Example Scam

Fraudsters are accessing CEO, Director, and Trustee names from publicly available databases. Using these names, they contact the organisation’s finance department and request payment of an invoice or expense, usually with an implied sense of urgency. These fraudsters may even set up an email account very similar to the one used by the individual they are claiming to be.

As we know, cyber scams can be sophisticated, but many are easily spotted and dealt with.

Preventing Scams

Here are some ways to help protect your organisation from this method of fraud:

  • Have clear and sensible internal financial controls.
  • Be sure to always follow those controls.
  • Review your bank mandates to reinforce those internal controls.
  • If you receive a request for payment via email, check the validity of the email address.
  • Follow up with the individual making the request by phone or in person – don’t rely on a response sent from the same (fraudulent) email address.
  • Ensure payment requests have appropriate supporting backup (e.g. an invoice) and are in line with the organisation’s procedure for making payment requests.
  • Report any concerns as appropriate and in line with organisational procedures.

If you have received a scam email, you can report it to the police:

https://www.actionfraud.police.uk/report_fraud

What to do if you are a victim of a cyber scam

If you think that you may have been a victim of a fraud like this, there are some quick steps you can take to reduce the risk of other cyber scams:

  • Contact the fraud department of your bank.
  • Take appropriate internal action to prevent other payments from being made.
  • Inform the board.
  • Check insurance policies and report to insurers if appropriate.
  • Keep good records.
  • Consider whether disciplinary action is necessary.
  • If your organisation is a charity, follow the Charity Commission checklist, and consider if the circumstances should be reported as a serious incident.
  • Prepare internal and external statements.
  • If you need help to deal with a serious situation in an appropriate timescale, ask for it.
  • When you have dealt with all the urgent steps, take time to consider what went wrong so that appropriate action can be taken for the future.

If you have any questions or would like advice, please contact us.
