Alert for charities – watch out for CEO fraud
This alert provides information and advice to charity trustees, employees and volunteers to help prevent CEO fraud.
CEO fraud involves the impersonation of a senior figure (usually the Chief Executive Officer) with subsequent requests for transfers of funds. Action Fraud, the UK’s national fraud reporting centre, have reported an increase in this type of fraud.
The most recent reports have involved targeting of schools where fraudsters have falsely claimed to be the head teacher or principal.
We issued an alert in January 2016 warning of the similar threat posed by mandate fraud.
What to look out for
Requests to your finance department or staff with authority to transfer funds, usually from a spoofed or similar email address to that of the subject being impersonated.
There are some reported instances where fraudsters have called up to make themselves appear legitimate. In addition, a second fraudster may be introduced who poses as a lawyer or regulator. The caller may claim to be based in another country.
With a strong social engineering element, the fraudster often requests that they, as the CEO, are not contacted further by the financial officer as they are busy.
Alternatively the fraudster may pick occasions when the real CEO is on holiday, preventing the financial officer from checking the validity of the request.
Protection and prevention advice
- review internal procedures regarding how transactions are requested and approved, especially those in relation to verifying validity
- email addresses can be spoofed to appear as though an email is from someone you know. Check email addresses and telephone numbers when transactions are requested. If in doubt request clarification from an alternatively sourced email address/phone number
- if an email is unexpected or unusual, then don’t click on the links or open the attachments
- don’t be afraid to question details when being tasked to transfer money at short notice
- sensitive information you post publicly, or dispose of incorrectly, can be used by fraudsters to perpetrate fraud against you. The more information they have about you, the more convincingly they can purport to be one of your legitimate suppliers or employees. Always shred confidential documents before throwing them away
If your charity has fallen victim to CEO, or any other type of fraud, you should report it to Action Fraud by calling 0300 123 2040, or visiting the Action Fraud website.
Charities affected by fraud should also report it to the Charity Commission as a serious incident, using the dedicated email address: firstname.lastname@example.org
Serious incident reporting helps us to assess the volume and impact of incidents within charities, and to understand the risks facing the sector as a whole. Where appropriate, the Charity Commission can also provide timely advice and guidance.
The Charity Commission, the independent regulator of charities in England and Wales, is issuing this alert to charities as regulatory advice under section 15(2) of the Charities Act 2011.
Latest News from
Charity regulator opens inquiry into Hospice Aid UK15/11/2019 09:25:00
Inquiry to examine financial and governance matters at the charity.
Court finds former trustees of disability charity in contempt of court14/11/2019 15:20:00
Charity Commission is successful in its first ever application to the High Court for a finding of contempt of court.
New board addresses governance failings at Christ Embassy following regulator’s inquiry14/11/2019 11:20:00
Charity Commission reports on inquiry into Christian charity.
Commission appoints interim manager to Aid Convoy08/11/2019 14:10:00
Interim manager appointed to address continued concerns at charity under inquiry.
Charity regulator helps the public give confidently ahead of Remembrance Sunday08/11/2019 12:20:00
Advice on how to ensure your charity donations reach their intended cause.
Committee seeks views on charity accounting framework04/11/2019 08:25:00
The SORP-making body is looking for engagement partners that will form key stakeholder groups to help gather feedback and ideas for change.
Regulator investigates linked charities over financial concerns01/11/2019 16:30:00
Significant discrepancies in charity accounts raise serious concerns
Commission finds misconduct and mismanagement by trustees who lacked the skills to manage a charity31/10/2019 12:20:00
Charity Commission inquiry into Jalalabad Association uncovers failures in its governance, finances and safeguarding