Stephen Service, former Policy Manager, Fundraising Regulator
On 19 September, we were made aware of a scam email targeting several charities. The email claimed to be from the Fundraising Regulator and sought payment from individual charities for the Fundraising Preference Service. We immediately issued an alert to warn charities and we notified Action Fraud and the Charity Commission.
There is no evidence to suggest any of our data was compromised, but it comes with the territory as a regulator that fraudsters will use the names of authorities to give extra authenticity to a phishing attempt.
So how do you know if an email you receive is genuinely from the Fundraising Regulator? Whilst we aren’t sending invoices for FPS, we ARE sending invoices to charities for levy year 2.
Here are 5 ways to check if what you’re seeing is legitimate:
Check the email address it comes from:
- When we send you an email, it will come from an account ending in “@fundraisingregulator.org.uk”. The scam emails we have seen have an unusual email address behind what looks like a genuine sender name. To find out if there’s a fraudster behind what looks like a genuine sender, use your mouse to hover the cursor over or right-click on the sender name and you should see the email address behind it. If it looks suspicious, it probably is.
Check links in the email:
- Spoof examples may hide a dodgy destination URL behind a legitimate sounding link. Don’t click on the link but hover your mouse over it, and it will reveal the true destination URL. If it isn’t a URL with the prefix https://www.fundraisingregulator.org.uk, don’t click on it.
Check the spelling and grammar in the email:
- Emails may contain significant spelling or grammar mistakes or inconsistent presentation, such as several different font styles, font sizes and a mismatch of logos.
Unique ID number:
- All those who paid the levy in year 1 should have received a unique and confidential ID number. We will be including this unique ID number in all levy year 2 renewal communications from today, so that levy payers have an additional means of checking validity.
If in doubt, contact us:
- If you’re still unsure whether a scammer is behind the email you received, get in touch with us directly through our ‘contact us’ page.