Charity alert: beware of these common scams

The Charity Commission has warned charities about two malicious “phishing emails”.

The warning follows a report published at the end of 2016 by Action Fraud, the UK’s national fraud reporting centre.

Their report warned that fraudsters are sending out a high number of phishing emails to personal and business email addresses with the message subject heading ‘Crime Prevention Advice’.

It said the email, which is addressed from the Metropolitan Police, contains an attachment concealing a malicious virus, capable of stealing passwords, software codes, and skype conversations.

Another email, titled ‘Notice of Intended Prosecution’, contains a spoof speeding ticket, where clicking on a hyperlink to view evidence of the crime will automatically download a banking Trojan onto your computer.

Carl Mehta, Head of Investigations and Enforcement at the Charity Commission, said: “Charities need to be aware of the imminent danger posed by malicious phishing emails and take appropriate steps to protect their charity from cyber-attack – as a charity’s valuable assets and good reputation can be put at risk from these dangerous scams.”

If a charity receives either of these emails, the Commission has advised that charities can protect themselves in the following ways:

  • Ensure charity software has up-to-date virus protection, but be aware that this will not always prevent you from becoming infected.
  • Do not click on links or open any attachments you receive in unsolicited emails or SMS messages – fraudsters can ‘spoof’ an email address to make it look like it’s from a trusted source.
  • Always install software updates as soon as they become available, as the update will often include fixes for critical security vulnerabilities.
  • If your current software does not offer an ‘anti-spyware’ function, consider installing software which does, as this can detect key loggers.
  • Undertake regular backups of your important files to an external hard drive, memory stick or online storage provider – however, it is important that the device you back up to is not left connected to your computer, as a malware infection could spread to that device too.
  • If you suspect your bank details have been accessed, you should contact your bank immediately.