Today is Friday, and for most people this means a chance to daydream about weekend plans and forget about work.
Unfortunately for some charities, Friday is not quite as joyful, as they fall victim to the various Friday CEO afternoon frauds. Small charities can be particularly at risk of falling victims to these scams as due to small teams where individuals often work from home, or a reliance on volunteers in the office, or if you have a high turnover of staff and operating with stretched resources.
So what are the Friday afternoon frauds?
Friday afternoon frauds can be varied, and do not always occur on a Friday!
Official looking emails asking for bank transfer:
Often they involve an official looking email from the CEO or another senior staff asking for a bank transfer. These emails will often involve common tricks: nearly identical email addresses, the staff signature (remember CEO’s do not need to sign annual reports for the Charity Commission as fraudsters use the website to copy signatures), often small amounts in the low £1000 for products/services that a charity would use. If you are unsure of whether a transaction is legitimate, you can contact your bank for further advice.
Fake bailiffs and phantom debts:
If you receive a fake bailiff invoice remember you can check with the local court about whether this has been issued. Bailiff’s can only cover certain debt and debt collectors do not have special court authorisation to act. To not feel rushed or intimidated into making a quick decision. You can request details of the debt in writing to access its legitimacy.
Similar to the scams above, a charity might receive an invoice from a company that looks legitimate and might be one that the charity would use. You can counter this type of fraud by creating an internal system that states how invoices are handled. Secondly, read the (often very tiny) fine print! Sometimes these ‘invoices’ are not invoices at all, but rather a subscription to the dodgy companies’ trademark listing directory. So always read the whole document before any action is taken!
Unfortunately this is not a reference to a new Godzilla film, but rather is a type of fraud where a group called ‘Lizard Squad’ will either seize data and information, or threaten a denial of service attack which can bring down a charities website. They demand Bitcoins (a form of online currency) by a certain date and time from a charity to stop this extortion. The Charity Commission has issued a warnings on this type of fraud.
Do not pay the ransom! Instead contact Action Fraud and the Charity Commission by submitting a Reporting Serious Incident form. A charity can counter this by ensuring that they have proper and adequate online protection. Reassess how your systems are protected, and encrypt any sensitive information.
Further precautionary measures:
If any of these emails or letters have phone numbers on them then a quick Google can be useful. Sometimes fraudsters will provide a phone number for a charity to use to seek further information that will direct to themselves or an accomplice. If you are unsure if the phone number is legitimate do not use it!
Double check anything before you send the requested money! Charities should have internal procedures in place that employees should know about when dealing with financial transactions. Sometimes a simple phone call to the CEO that is working from home, or your bank can go a long way to preventing fraud.
Get Safe Online is a great resource for understanding online safety for organisations.
CFG is also hosting a fraud forum to encourage charities to engage with fraud. If you would like more information about this then please contact firstname.lastname@example.org