top of page

Donate a holiday to a cyber criminal or donate to charity?

Charities can only survive and help others with the generosity of those who support the charity through fundraising and donations. But those who donate to charities can unwittingly become a target for cyber criminals.

In a recent case in the West Midlands, a lady who raised a six figure sum for her chosen charity was targeted by a hacker who found about about her fundraising efforts on social media.

The hacker managed to access her webmail address and started monitoring all the emails coming in and out of her account. The password was easy to guess, and she hadn’t turned on multi factor authentication. That meant that when the time came to transfer the funds to go to the charity, the hacker simply intercepted the email, changed the bank account details and had the funds redirected to their own account.

Fortunately the banks helped to recover most of the funds, but this case highlights how supporters of charities can be at risk and how charities can play a vital role in providing guidance to their supporters so they are aware and no what to look out for.

With over four-in-ten charities (45%) allowing people to donate to them online, charities need to ensure that their cyber resilience plans are as good as they can be and that they also help to educate their own donors in steps they can take to better protect themselves and the money they raise.

The WMCRC have come up with some top tips which charities can share with their supporters to improve their cyber resilience.

Top Tips

  • Ensure you follow the 3 random word advice from the NCSC when it comes to creating and changing passwords.

  • Ensure two factor authentication is turned on

  • Call the charity to confirm account details (Sometimes the oldest methods are the best!)

  • Send a small amount first and then call the charity to see if it has arrived.

  • Check privacy settings on social media accounts to restrict who can see your profile.

The National Cyber Security Centre have created the Small Charity Guide which covers 5 topic areas that are easy to understand and are free or cost little to implement.

You can access the Small Charity Guide by clicking here or by clicking on the download below.

Charity Guide v3
Download PDF • 1.91MB

Head of Cyber Innovation for the WMCRC Hinesh Mehta said: “Charities can’t afford to lose the trust and confidence of their supporters or the money they raise. Whilst it’s hard to believe that anyone would target a person who is trying to raise money for a good cause, sadly cyber criminals just don’t care.

“They know that where there is fundraising there is money for them to take. Charities can help keep their supporters from falling victim by providing The right guidance and that’s where the WMCRC can help.

“We understand that cyber security services can be expensive and charities need to watch every single penny they spend. The WMCRC can help by offering student services to focus on areas of cyber resilience as well as refer a charity to our Trusted Partners for Cyber Essentials certification.

"We are here to support all charities and in the region big or small, just get in touch with the team and we can help build a bespoke package of support.”

Find out more via our membership page


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.


The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page