News story: Alert for charities – risk of CEO fraud through Christmas gift cards

image_pdfimage_print

The information contained within this Alert is based on reports made to Action Fraud, the UK’s national fraud reporting centre, and follows previous advice from the Commission about the threat from CEO fraud.

What Is CEO Fraud and how are gift cards used to perpetrate this?

CEO fraud involves the fraudulent impersonation of a senior figure within a charity (often the Chief Executive Officer – CEO) with subsequent requests for the fraudulent transfers of funds by the charity to the fraudster’s bank account (see the Charity Commission’s regulatory alert dated 26/03/2018).

Action Fraud are reporting a new variation on this type of fraud whereby charities are targeted by fraudsters purporting to be the CEO (or a similar senior position within the charity) requesting that gift card vouchers be purchased for staff as a form of Christmas gift.

Once the vouchers have been purchased, the fraudster requests copies of the cards and their codes, allowing the fraudster to spend up to the value of the card.

Contact is typically made by email, usually from a spoofed or similar email address as the one the CEO or director of the charity would use.

What you need to do

  • ensure that you have robust processes in place to verify and corroborate all requests requiring a payment or transaction
  • get in touch with the purported originator directly, using contact details you know to be correct, to confirm that the request you have received is legitimate
  • all employees should be aware of these procedures and encouraged to challenge requests they think may be suspicious
  • sensitive information you post publicly, or dispose of incorrectly, can be used by fraudsters to perpetrate fraud against you. The more information they have about you, the more convincingly they can purport to be one of your legitimate employees – always shred confidential documents before throwing them away

Reporting Fraud

If your charity has fallen victim to insider fraud, or any other type of fraud, you should report it to Action Fraud by calling 0300 123 2040, or by visiting Action Fraud.

Charities affected by fraud should also report it to the Charity Commission as a serious incident, using the dedicated email address: rsi@charitycommission.gsi.gov.uk

Serious incident reporting helps the Commission to assess the volume and impact of incidents within charities, and to understand the risks facing the sector as a whole. Where appropriate, the Charity Commission can also provide timely advice and guidance.

Notes

The Charity Commission, the independent regulator of charities in England and Wales, is issuing this alert to charities as regulatory advice under section 15(2) of the Charities Act 2011.

Leave a Reply

Your email address will not be published.