Charities at risk of cyber attack, regulator says

Details of scams targeting charities revealed

| 15th Dec 16

The Charity Commission has issued an alert to charities as regulatory advice under section 15(2) of the Charities Act 2011.

The information contained within this alert is based on reports made during the past month to Action Fraud, the UK’s national fraud reporting centre.

There are two prevalent scams to be aware of:

‘Crime Prevention Advice’ email

Fraudsters are sending out a high number of phishing emails to personal and business email addresses with the message subject heading ‘Crime Prevention Advice’. Charities could also be at risk from this disturbing new email scam and are encouraged to be vigilant.

The campaign’s primary function appears to be the distribution of powerful malware via a malicious email attachment. The email sender appears to be spoofing a Metropolitan Police email address, showing the sender as ‘’. The email contains the text:

‘TO THE GENERAL PUBLIC See attached document to read more about crime prevention advice. Regards, Metropolitan Police Service.’

The email includes an attachment titled ‘’. This attachment contains malicious content which downloads the iSPY key logger to the victim’s device. This key logger records keystrokes, steals passwords stored in web browsers and Skype conversation records, takes pictures via webcam and stores the license keys of software, such as Microsoft Office and Adobe Photoshop.

‘Notice of Intended Prosecution’ email

Fraudsters are sending out a high number of phishing emails to email addresses connected to businesses in the United Kingdom, with the message subject heading ‘Notice of Intended Prosecution’ and ‘NIP – Notice Number’ followed by a combination of letters and numbers.

Its primary function appears to be distributing Banking Trojan malware, through a malicious link embedded within the email. The emails purport to come from the Greater Manchester Police, so will be of most relevance to those charities based in the North West of the UK.

It is believed that the URL hidden behind the line ‘Check The Photographic Evidence’ delivers the GOZI/ISFP Banking Trojan which is involved in stealing online banking login details from victims.








In both cases, charities are advised to protect themselves in the following ways:

  • ensure charity software has up-to-date virus protection, though it will not always prevent you from becoming infected
  • do not click on links or open any attachments you receive in unsolicited emails or SMS messages – fraudsters can ‘spoof’ an email address to make it look like it’s from a trusted source
  • if you’re unsure, check the email header to identify the true source of communication – information on how to locate email headers can be found at
  • always install software updates as soon as they become available, as the update will often include fixes for critical security vulnerabilities
  • if your current software does not offer an ‘anti-spyware’ function, consider installing software which does, as this can detect key loggers
  • undertake regular backups of your important files to an external hard drive, memory stick or online storage provider – however, it’s important that the device you back up to is not left connected to your computer, as a malware infection could spread to that device too
  • if you suspect your bank details have been accessed, you should contact your bank immediately

If you think your charity has been affected by a phishing scam, or any other type of fraud, you should report it to Action Fraud by calling 0300 123 2040, or visiting