The Charities Commission has issued an alert to charity trustees, employees and volunteers about the growing risk of CEO fraud through Christmas gift cards
CEO fraud involves the fraudulent impersonation of a senior figure within a charity, with subsequent requests for the fraudulent transfers of funds by the charity to the fraudster’s bank account, and has already been highlighted by the regulator earlier in 2018 as a risk to the sector.
Now Action Fraud is reporting a new variation on this type of fraud whereby charities are targeted by fraudsters purporting to be the CEO (or a similar senior position within the charity) requesting that gift card vouchers be purchased for staff as a form of Christmas gift.
Once the vouchers have been purchased, the fraudster requests copies of the cards and their codes, allowing the fraudster to spend up to the value of the card.
Contact is typically made by email, usually from a spoofed or similar email address as the one the CEO or director of the charity would use.
The Charity Commission is advising charities to ensure they have robust processes in place to verify and corroborate all requests requiring a payment or transaction.
They should get in touch with the purported originator directly, using contact details they know to be correct, to confirm that the request they have received is legitimate.
All employees should be aware of these procedures and encouraged to challenge requests they think may be suspicious.
The regulator also advises that sensitive information posted publicly, or disposed of incorrectly, can be used by fraudsters to perpetrate fraud against the charity. The more information they have about the charity, the more convincingly they can purport to be one of its legitimate employees, so all confidential documents should be shredded before being thrown away.
Report by Pat Sweet