Want to stay up-to-date with the latest IT news?

Subscribe to our mailing list to hear the latest news, events, free resources, and more for your industry.

Sign up now
Blog

The gift of cyber security for charity organisations

4 minute read

Kelsey Smith

November 28th, 2024

The gift of cyber security for charity organisations

4 minute read

Kelsey Smith

November 28th, 2024

*This blog was last updated on December 5th, 2024

Cyber criminals work all year-round, so why do we see such an increase in phishing campaigns over the Christmas period, especially for charity organisations? We explore why the festive season is prime time for cyber attacks and how to protect yourself from getting caught out.  

As we quickly approach Christmas, many of us are getting into the festive spirit. But as charities find themselves busier than ever, managing holiday campaigns, supporting communities, and fundraising efforts, this time of year is vulnerable to an increase in successful phishing campaigns. That means that cyber security should remain a top priority.

So, what should you be looking out for over the next few months? And how can you prevent your charity from falling victim to a festive cyber scam?

Phishing campaigns

According to the Cyber Security Breaches Survey 2024, 94% of charities have experienced a phishing attack. Organisations need to be vigilant to phishing campaigns at all times, but as we see more targeted attacks over the festive period, individuals within your organisation are likely to be more frequently exposed due to an increase in attempts.

These attacks usually leverage human habits and behaviours, and as Christmas is a key time for donations and various charity work, threat actors utilise strategies relating to these campaigns to target charities. Think online retailers, delivery companies, and online booking platforms.

These emails can be very convincing and difficult to spot, but the simplest way to reduce your chances of falling victim to cyber crime is to think before you click.

It sounds easy, but taking the time to familiarise yourself with the most common signs of a scam email and properly reading emails before clicking on anything within them is the best way to protect against them.

Most common signs of a phishing email

There are many warnings that can alert you to a phishing attempt, but the most common signs to look out for are:

  • Grammar and spelling errors
  • Inconsistencies in email addresses, links, and domain names
  • Threats or a sense of urgency
  • A sense of scarcity (e.g. act now, only five places left). This encourages colleagues to act quickly
  • Unusual requests
  • Request for credentials, payment information, or other personal details

If you spot any of these in an email that you receive, be cautious. Before you click on anything, verify the request by visiting the sender’s website or contacting them directly (remember to never click on the links within the email, instead, visit the website directly via your browser), and if you’re still unsure, report it to your cyber security or IT team for inspection.

However, as cyber criminals look for new ways to convince you that emails are genuine in the hope that you’ll take action, phishing campaigns are always changing, and emails are becoming more sophisticated. Because of this, you must remain vigilant even when the usual tell-tale signs of a scam aren’t present. If something about an email doesn’t feel quite right, it’s probably because it isn’t and it’s best to approach with caution by flagging it to the relevant team at your organisation.

Password hygiene and multi-factor authentication (MFA)

Password hygiene is a hot topic when it comes to cyber security, and with good reason. A strong, secure password is one of your main defences against cyber criminals accessing your online accounts.

Alongside a solid password, multi-factor authentication (MFA) adds an extra layer of protection. Most modern websites and apps have the option to enable MFA, and where this is available, it is strongly recommended that you do. Once MFA is enabled, even if a hacker does gain access to your passwords, they will find it difficult to get into your accounts without the unique, one-off code generated by MFA, which is usually sent directly to your mobile device and/ or email address for you to confirm.

Protect your reputation

During the festive season, your charity’s reputation becomes a prime target for cyber criminals. Fraudsters may exploit your brand by creating fake donation campaigns or websites, tricking potential donors. This not only diverts funds away from your mission but can also harm the trust you’ve worked to build with supporters.

  • Monitor your digital presence regularly, including social media platforms, to identify and report fraudulent activities using your brand
  • Use tools like domain monitoring services to identify websites impersonating your organisation
  • Communicate with your supporters about how to verify legitimate donation requests and avoid scams

We support organisations of all sizes to identify and manage risks in their cyber security strategy.

We also work closely with the NCVO, and as a Trusted Supplier, we understand the unique challenges faced by charity organisations and their need to protect sensitive data.

Headshot of Kelsey Smith

About the author

Kelsey joined Phoenix in late 2022 as the Content and Social Media Apprentice, moving into Content Executive in 2024 after working closely with the Marketing Team to develop her skills in digital marketing. Kelsey’s passion lies in content creation, which is reflected in her contributions across all areas of the business, from external and internal campaigns to our social media accounts.

Kelsey is not only keen to learn about marketing, but also the challenges organisations face and how Phoenix helps them overcome these.