Salvation Army IT boss warns of new ways scammers abuse charities

Charity group aims to stop unscrupulous criminals

Croft: Charities must treat people’s personal details with the utmost care because their business is based on trust

Cyber criminals are targeting charities in their efforts to con people out of cash.

The Salvation Army’s CIO, Martyn Croft, told Computing that not only do fraudsters create false charity web sites, they use charity sites to test stolen credit card numbers.

Croft explained that it is particularly important for charities to treat people’s personal details with the utmost care because their business is based on trust and their reputations are their most valuable asset.

“We take credit card details from you and give you a warm fuzzy feeling in return. You don’t get a parcel coming to your door, you just give your credit card number and, naturally, you put your trust in the brand that people are going to do good with it,” he explained.

Scammers have begun to adopt a different approach to induce their target market into a false sense of security, he said. They are opting to set up compromised fake charitable web sites and asking for donations to help during times of disaster.

This is a move away from the trend of sending fake warnings from banks or building societies to consumers to gather personal details.

“You might think twice about giving your mother’s maiden name or other personal details if an email claims to be from a company such as PayPal, but if you get an email that says there’s been an earthquake and we need your help, you’re more likely to give money first and ask questions later,” he explained.

Another way charities are being exploited is by scammers pushing through small donations from stolen credit cards in an attempt to figure out which ones work and which ones do not.

“They’ll try putting through a small donation, maybe £1 or £2,” said Croft. “They’ll try card numbers one after the other until one works. The charity ends up with a small donation, and it is so small that the person whose card it is doesn’t notice the money missing on their credit card statement.”

Croft co-founded the Charities Security Forum – a group for information security professionals working in the charity sector – along with Brian Shorten, risk and security manager at Cancer Research UK and chairman of the group.

Shorten explained that one priority for the group is to prevent fraudsters taking advantage of charities.

“One of the aims is to pass information between us. We can build that level of networking between us so that when we hear about the risk of something like this, we can warn each other if we get caught out,” he said.

“At the moment I think a lot of charities still get caught like this. It’s a popular way for scammers to test if a card is valid before using it and drawing attention to themselves.”

He added that another way to counteract these scams is for banks to liaise with the cardholder when such a small one-off payment goes through, cancel the card if the transaction is illegitimate and send a new one.

“Then fraudsters will begin to realise the window of opportunity will be small and diminishing, and hopefully lose interest,” Shorten concluded.