How to steal from charities... and how you can stop it

From ransomware to shoplifting, here are five common ways in which criminals defraud charities

Fraud is a massive problem in the charity sector. The latest Annual Fraud Indicator from the accountancy firm Crowe, credit rating agency Experian and the University of Portsmouth says that charities and charitable trusts lost £2.3bn to fraud in 2017. National Crime Agency and National Audit Office statistics now suggest that fraud is the UK’s most prevalent crime. Here we outline the common ways in which criminals defraud charities.

Transferring money into a private account

In December 2017, Simon Price, the former chief executive of Birmingham Dogs Home, was sentenced to five years in prison for stealing £650,000 from the charity. He had been using a mixture of fake invoices from solicitors, construction companies and marketing firms to authorise the payments to his personal bank account. The fraud was discovered when the charity found that almost £400,000 was missing from the sale of a property in Digbeth, Birmingham.

Birmingham Dogs Home was lucky. About £500,000 has been recovered from Paddy Power Betfair after the Gambling Commission ruled that the gambling firm had failed to carry out adequate anti-money laundering checks. Other charities have not been as lucky, and some have even closed as a result of insider frauds.

How to stop it?

Many insider frauds come from one person at the charity being trusted too much or having too much responsibility for its finances.

Charities should put in place double sign-off for bank transactions and large payments, have more than one individual counting cash collections and check the charity’s transactions against its bank statements on a regular basis.

Charities should also make staff aware of how insider frauds work and encourage them to report any concerns to senior management, the Charity Commission or Action Fraud, the national fraud and cyber crime reporting organisation.


Cyber criminals are increasingly targeting charities that have poor cyber defences. In late 2016, the British and Foreign Bible Society had the personal data of 417,000 people stolen during a cyber attack on its system that exploited a weakness in its network. In some cases, supporters’ payment cards and bank accounts were at risk, an investigation by the Information Commissioner’s Office found.

The hackers used a ransomware attack to access and transfer some of the personal information held by the charity. Ransomware is used to lock data or threaten to publish it unless a payment is made. In the case of the British and Foreign Bible Society, the ICO fined the charity £100,000 because of its poor cyber-security measures, which included an easy-to-guess password.

How to stop it?

The government’s Cyber Essentials website says defences against cyber crime include securing your internet connection with a firewall and ensuring all devices and software use the most secure settings. Using strong passwords, two-factor authentication and encryption, and installing anti-malware software can also help to stop the criminals in their tracks.

Push-payment scams

Push-payment scams involve criminals encouraging employees to send money to bank accounts controlled by the fraudster by impersonating trusted individuals or organisations. The most common method is an email asking for an invoice to be dealt with, purporting to be a request from the finance director or chief executive, but instead containing the fraudster’s bank account details.

fundraising regulator websiteThe Fundraising Regulator issued warnings about fake emails requesting money

In September, many charities received fraudulent emails pretending to be from the Fundraising Regulator and requesting payments for its Fundraising Preference Service. The regulator sent out a warning to charities not to respond to the payment request.

Other methods include fraudsters contacting staff by phone, purporting to be from the charity’s bank. They then ask for the charity’s financial details.

How to stop it?

Charities need to put in place compulsory training for staff on push-payment scams, and staff should be told to be vigilant and question any payment requests that seem suspicious. Culture can be a big factor because some charity staff are uncomfortable questioning or checking instructions that appear to come from senior staff or trusted organisations such as a regulator. Charities need to encourage staff to check details and raise any suspicions.

Fake fundraisers

Some criminals impersonate charity collectors or set up fake fundraising accounts to divert funds that would otherwise have been donated to legitimate charities.

In 2014, two men were imprisoned after they were caught impersonating Help for Heroes bucket collectors before an England football match at the national stadium in Wembley. They wore jackets from the charity and carried made-up identity cards. Other forms of fundraising fraud include the use of fake collection bags.

How to stop it?

There is little a charity can realistically do other than advise the public about the tell-tale signs. The Fundraising Regulator recommends that the public check fundraisers’ identification and whether they have permits or licences. Genuine fundraising materials should have the charity’s registration number and other details, such as the charity’s logo or landline number.

charity shopsCharity shops can provide easy pickings for shoplifters 


Charity shops are easy targets for shoplifters – and it’s not always random members of the public: staff and volunteers have been found guilty of stealing in the past.

Research carried out by the Charity Retail Association last year found that, in the two years since the beginning of 2016, 45 per cent of charities felt incidents of theft had increased, compared with 49 per cent that said it remained at the same level.

How to stop it?

Staff should be made aware of common signs that a customer is actually there to steal goods. These can include nervousness, wearing baggy or heavy clothing out of season and behaving unusually. The use of mirrors and lighting can also help to prevent shoplifting. To prevent internal theft, charities should have stock controls in place, follow up CV references for staff and volunteers and carry out random bag searches.

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins

Already registered?
Sign in
RSS Feed

Third Sector Insight

Sponsored webcasts, surveys and expert reports from Third Sector partners