The regulator of the charity sector in England and Wales, the Charity Commission, has alerted charities to CEO fraud. As attempted by criminals against businesse generally, that fraud involves the impersonation of a senior figure (usually but not necessarily the chief executive) with requests for transfers of funds. Action Fraud, the UK’s national fraud reporting centre, has reported an increase in that type of fraud.
The Commission says the most recent reports have involved targeting of schools where fraudsters have falsely claimed to be the head teacher or principal.
If a charity has fallen victim to CEO, or any other type of fraud, it should report it to Action Fraud by calling 0300 123 2040, or visiting the Action Fraud website. Charities affected by fraud should also report it to the Charity Commission as a serious incident, using the dedicated email address: [email protected].
Comment
Tim Helming, director of product management at IT security firm DomainTools said: “The fact that Action Fraud have picked out the charity sector as a potential target for phishing attack is no surprise. The shoestring budgets associated with most charitable organisations, and the understandable prioritisation of front-line services over cyber-security products and training is well known, meaning malicious actors can exploit their lack of funding. Our phishing detection solution, PhishEye, recently revealed a plethora of websites posing as well-known UK charities, which given their associated risk score, are undoubtedly engaging in phishing or malware campaigns, intending to exploit members of the public hoping to donate. Organisations need to realize that while prioritising cyber-security may not be immediately obvious on a tight budget, failing to do so could cause more damage to front-line services in the long-run.”
The Fraud Advisory Panel (itself an awareness-raising charity) recently produced resources to help charities prevent, detect and respond to fraud. And separately the NCSC (National Cyber Security Centre) launched cyber security guidance for the charity sector.
