The seven main types of charity fraud

More than two in five charities reported being impacted by fraud or attempted fraud in 2024, according to research. Research by the charity Fraud Advisory Panel and business consultancy BDO also found charities suffered between four to seven incidents on average.

 

The costs can be huge. In more than eight in ten cases charities lost money, with the average loss per fraud between £102,000 and £197,000. Only two in five recovered losses.

 

With so much at stake it pays for charities to be aware of the breadth of the threats they face.

 

This is particularly from trustees, staff, and volunteers, as BDO and Fraud Advisory Panel found that half of all fraud is committed by those inside charity organisations.

 

Here we examine the latest risks of fraud facing charities, focused around the seven main threats that have been highlighted in further research by financial advice firm RSM.

 

Cyber fraud

 

Charities’ increasing reliance on digital platforms has seen cyber fraud increase markedly in recent year. Attacks include hacking, ransomware, and phishing attacks, in which scammers send fraudulent emails to gain access to personal or bank details, according to RSM.

 

The government’s 2024 cyber security breaches survey highlighted the extent of the threat, revealing that around a third of charities experienced a cyber-attack in 2024 and four in five of these cases involved phishing.

 

This government survey also found that on average a disruptive cyber breach can cost a small charity more than £1200 on average. The typical bill for a large charity is more than £10,800.

 

The case for investment in cyber-security is certainly strong, according to this research.

 

 

Donation fraud

 

Donation fraud is when criminals set up fake fundraising campaigns to garner donations. This can be by pretending to be an existing charity, or by creating communications and promotion for an entirely fake organisation. RSM warns that the increase in online donations and social media campaigning over the last decade has contributed to the growth in this form of fraud.

 

 

Artificial intelligence fraud

 

Scammers are becoming increasingly sophisticated in their attempts to take money from good causes. This includes using artificial intelligence (AI) to create realistic images and stories to convince supporters to donate.

 

Another use of AI is in phishing scams where chatbots are used to impersonate charity representatives to gain donations, or to mimic banking officials to gain money from charities.

 

AI can be used to impersonate suppliers with fake bank accounts where payments can be made. 

 

 

Payroll fraud

 

This is where staff manipulate the payroll system for personal gain, such as by creating fake employees or by fraudulently inflating hours worked or salaries. Claiming a salary while sick but then working for another employer is also payroll fraud.

 

 

Grant fraud

 

Trusts and foundations can be targeted by criminals trying to access grant funding by pretending to be a good cause. In some cases, those within charities themselves may be acting fraudulently to gain funding by misreporting expenses and inflating project costs.

 

 

Expenses fraud

 

RSM warns that expenses fraud is one of the “most widespread types of fraud”, often involving relatively small amounts being taken by staff and others involved in a charity over a long period of time. This can be for non-existent expenses and personal expenses disguised as business costs.

 

“Expense fraud can be particularly damaging as it directly impacts the charity’s financial resources and undermines donor confidence that the funds are used for the benefit of the charity,” warns RSM’s research. One in three fraud incidents involve expenses, the BDO and the Fraud Advisory Panel’s research found.

 

 

Procurement fraud

 

This is where corrupt practices occur in charity’s purchasing and contracting processes.

 

This can include a failure by a trustee to declare a connection to a company and kickbacks are handed out in exchange for contracts. Rigging the procurement process in favour of a particular supplier is another form of procurement fraud. RSM has seen cases of this form of fraud, involving sums up to “up to £1 million in impact and reputational damage”.

 

 

How to prevent fraud

 

To help prevent fraud, RSM’s research recommends that charities should:

• Carry out regular internal audits to detect fraud as well as gaps in security
• Improve fraud prevention training and awareness among all staff, trustees, and volunteers, and include a clear whistleblowing process to help staff report concerns
• Strengthen governance, with clear policies to prevent fraud, especially in risk areas such as procurement, expenses, and payroll
• Focus on cybersecurity by installing strong protection tools, regularly updating software, securing passwords, and ensuring active two-factor authentication
• Develop a fraud response plan to help charities react swiftly to fraud, which could include isolating devices where an attack has happened and contacting software suppliers for help
• Stay up to date with trends, which helps spot emerging risks, such as increasing use of AI