PEOPLE, not tech, are the biggest threat to a charity's cyber security according to the NexusProject at their recent conference in Liverpool.
The biggest scams right now are carried out by phishing via emails. It used to be an attachment that the recipient was asked to click on, but now they are getting smarter. Often the link can be hidden in the 'Unsubcribe' button.
Many small charities in particular lack the resources or skill set to have people specially trained in this area and that makes them vulnerable. The rule is always, if you are not expecting it and you are unsure of where it has come from, then don't click on it, just delete it.
The National Cyber Security Centre (NCSC) offers a guide specifically for charities which summarises low cost, simple techniques to improve cyber security within charities.
You can download a copy at https://www.ncsc.gov.uk/collection/small-business-guide