The Charity Commission warns against CEO email fraud
The Charity Commission has warned charities to be vigilent to the rise in fraudulent emails aimed at charity finance departments, impersonating CEOs
The Charity Commission has issued a warning to be on the lookout for ‘phishing’ emails impersonating charity CEOs.
The warning comes after Action Fraud UK, the UK’s national fraud reporting centre, reported an increase in this type of fraud.
Charity trustees, employees and volunteers are being told to be aware of ‘requests to your finance department or staff with authority to transfer funds’ which claim to be from a charity’s CEO but are actually from a spoofed email address.
Phishing attacks are a common type of cyber crime in which targets are contacted by email, telephone or text message by someone posing as a legitimate individual.
They have become increasingly sophisticted and convincing over the past few years – the Charity Commission issued a similar warning in 2016 after a campaign by the Metropolitan Police. According to phishing defence company PhishMe, phishing attacks have grown by 65% in the past year.
Fraudsters use many tactics to convince victims that they are legitimate, such as using an organisation’s logo or signature. They often request that they, as the CEO, are not contacted further by the financial officer to validate any requests, and they may pick times when the real CEO is on holiday. They may also call up a charity or pose as a lawyer or regulator.
Among the advice given, the Commission advises that charities review their internal processes around transactions, don’t be afraid to question details and warn staff and volunteers not to click on any links or open attachments in unusual emails.