Risk of CEO cyber fraud

7 January 2019

What is CEO fraud?

CEO fraud occurs when criminals impersonate senior directors within a charity and then request that funds be transferred from the charity to the fraudster's bank account. This is commonly purported to be an 'emergency' payment when the CEO is out of the office. The official Charity Commission guidance can be found at www.gov.uk.

Recently, Action Fraud has reported a new trend in this type of fraud, where a fraudster pretending to be the CEO or other senior executive in the organisation requests that gift card vouchers are purchased for staff as a form of bonus. The criminals will then ask for copies of the voucher codes, allowing them to spend up to the value of the card themselves.

Regardless of whether the fraud is attempted through bank payments or gift cards, the requests will usually originate from a fake email account with a very similar address to that of the organisation's CEO or senior executive.
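Look-alike sender addresses of the kind described above can be screened for automatically as well as by staff. The following Python check is an added example, not part of the original article or the Charity Commission guidance; the domain `examplecharity.org.uk`, the executive "Jane Smith" and all function names are assumptions made for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Assumed values for illustration only: replace with your organisation's own.
TRUSTED_DOMAIN = "examplecharity.org.uk"
EXECUTIVES = {"jane smith": "jane.smith@examplecharity.org.uk"}
# Digits commonly swapped for letters to make an address look genuine.
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(domain):
    """Fold a domain to a comparison form: no accents, look-alikes merged."""
    text = unicodedata.normalize("NFKD", domain.lower())
    text = "".join(c for c in text if not unicodedata.combining(c))
    return text.translate(DIGIT_SWAPS).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return warning labels for a From header; an empty list means no match."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    warnings = []
    if domain != TRUSTED_DOMAIN:
        if skeleton(domain) == skeleton(TRUSTED_DOMAIN):
            warnings.append("lookalike-domain")
        elif edit_distance(skeleton(domain), skeleton(TRUSTED_DOMAIN)) <= 2:
            warnings.append("near-miss-domain")
    # A known executive's display name on any other address is suspicious.
    expected = EXECUTIVES.get(" ".join(name.lower().split()))
    if expected and addr != expected:
        warnings.append("executive-name-mismatch")
    return warnings

if __name__ == "__main__":
    # Constructed sample headers, not taken from a real incident.
    for header in ("Jane Smith <jane.smith@examplecharity.org.uk>",
                   "Jane Smith <jane.smith@examp1echarity.org.uk>",
                   "Jane Smith <ceo.office@gmail.com>"):
        print(header, "->", check_sender(header))
```

A warning from this check is a prompt to verify the request through a separate, verified channel; it does not replace that verification.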

How do I prevent it?

The Charity Commission is advising charities to ensure that they have robust processes in place to verify all requests requiring a payment or transaction.

All of the organisation's employees should receive training to ensure that they are aware of the potential risks and know the organisation's cybercrime and fraud prevention policies.

First, the employee who receives the request should contact the supposed sender separately, using their direct line or other verified contact details, to confirm that it is a genuine request.

The more information fraudsters have about an organisation, the more believable they can appear when committing cybercrime. Therefore, the Commission also suggests that all confidential documents be shredded before being disposed of and that any sensitive information not be posted anywhere that is publicly accessible.

What should I do if it happens?

If your charity has fallen victim to any type of fraud, you should report it to Action Fraud by calling 0300 123 2040, or by visiting Action Fraud.

Charities affected by fraud should also report it to the Charity Commission as a serious incident, using the dedicated email address (rsi@charitycommission.gsi.gov.uk).

Further information

If you would like to discuss this or any other matter affecting your charity, please contact me or your local UHY charity adviser.