People across the voluntary, community, faith and social enterprise sector are working hard to provide essential support to vulnerable and isolated people during the COVID pandemic. Sadly there are people out there trying to cash-in on our goodwill and take our resources through scam e-mails. These scams can either directly try to get funds from you or look to use your connections to get funds from other organisations.
We are aware of several organisations, both small and large, who have recently received scam e-mails in our area.
Here are a few simple things you can do to help protect yourself and your organisation:
- Ask yourself how well you know the person who appears to have sent the e-mail. Always be more suspicious of e-mails that you are not expecting or that come from people you either don’t know at all or don’t know well.
- Ask yourself whether the e-mail is typical of the person who appears to have sent it. Does it have the usual greetings they use? Does it look to be the same as usual (e.g. font, use of colour, layout, signatures, use of emojis). For example, if it’s an invoice, does the e-mail look like ones you’ve had with invoices from this person or organisation before?
- Ask yourself whether the text in the e-mail includes things that can’t easily be guessed or that couldn’t be found in the public domain. For example “Please find attached the invoice for the work we did for you” is very generic and should be treated with suspicion but “Please find attached the invoice for the printing we delivered on 12 May” is much more specific and can easily be checked so is probably more trustworthy.
- Check the spelling and grammar. For some reason, scammers seem to make more spelling and grammatical mistakes than most bona fide organisations.
- Ask yourself whether it seems to be too good to be true. Unexpected offers are often not what they first appear to be. We have recently heard of a local community group being asked to supply information about themselves so a third party could apply for funding on their behalf – I doubt the group would have seen any of this money and they could possibly had a criminal attempt to drain their bank account!
- Get in touch another way. If you’re in the least bit suspicious ignore all the contact details in the e-mail and try to get in touch with the sender another way. Maybe you already have their phone number, or you follow them on Twitter or perhaps you can look their organisation’s website up, phone the number on their public web page and ask to be put through.
These types of attacks are getting more common and more sophisticated so please do take care. Here’s a short video to help you to understand a bit more about these types of scams:
There is also a great set of resources at the National Cyber Security Centre:
https://www.ncsc.gov.uk/training/top-tips-for-staff-web/story_html5.html
Finally, we have a Data Protection Officer at Action Together and if you have any specific concerns affecting VCSE organisations in Oldham, Rochdale or Tameside let us know so we can see what we can do to help you all. Contact us at info@actiontogether.org.uk or call 0161 339 2345.