CEO Christmas card fraud alert issued
The Charity Commission has issued an alert warning charities about the risk of CEO fraud through Christmas gift cards.
This alert provides information and advice to charity trustees, employees and volunteers to help prevent CEO fraud at Christmas time.
CEO fraud involves the fraudulent impersonation of a senior figure within a charity (often the Chief Executive Officer - CEO) with subsequent requests for the fraudulent transfers of funds by the charity to the fraudster’s bank account.
Contact is typically made by email, usually from a spoofed or similar email address as the one the CEO or director of the charity would use.
Action Fraud are reporting a new variation on this type of fraud whereby charities are targeted by fraudsters purporting to be the CEO (or a similar senior position within the charity) requesting that gift card vouchers be purchased for staff as a form of Christmas gift.
Once the vouchers have been purchased, the fraudster requests copies of the cards and their codes, allowing the fraudster to spend up to the value of the card.
What you need to do
- Ensure that you have robust processes in place to verify and corroborate all requests requiring a payment or transaction
- Get in touch with the purported originator directly, using contact details you know to be correct, to confirm that the request you have received is legitimate
- All employees should be aware of these procedures and encouraged to challenge requests they think may be suspicious
- Sensitive information you post publicly, or dispose of incorrectly, can be used by fraudsters to perpetrate fraud against you. The more information they have about you, the more convincingly they can purport to be one of your legitimate employees – always shred confidential documents before throwing them away
If your charity has fallen victim to insider fraud, or any other type of fraud, you should report it to Action Fraud by calling 0300 123 2040, or by visiting Action Fraud.
Charities affected by fraud should also report it to the Charity Commission as a serious incident, using the dedicated email address: firstname.lastname@example.org