
Watch out for CEO/BEC fraud

What is Chief Executive Officer (CEO) fraud?

CEO fraud, also known as Business Email Compromise (BEC), is a type of fraud that is enabled via social engineering. Social engineering is the manipulation of situations and people that results in the targeted individuals divulging confidential information.

CEO fraud involves the impersonation of a senior figure (usually the Chief Executive Officer) with subsequent requests for transfers of funds.

How does CEO fraud happen? 

CEO fraud takes the form of a request, often made via email, that purports to come from a senior person in the company. It is normally sent to the finance officer and asks for an urgent payment.

The request may outline that the transaction is confidential and sensitive in order to discourage further verification. The fraudster may pick occasions when the real CEO is out of the office, or on holiday, preventing the financial officer from checking the validity of the request.

How can I help to prevent CEO fraud? A checklist: 

  • Any payment requests with new or amended bank details received by email, letter or phone should be independently verified. This includes internal emails from senior management that contain payment requests. Fraudsters can spoof email addresses to make them appear to be from a genuine contact, including someone from your own organisation.
  • Don’t be pressured by urgent requests, even if they appear to originate from someone senior – remember this is a common tactic adopted by fraudsters.
  • Be cautious of how much information you reveal about your company and key officials via social media platforms and out-of-office automatic replies.
  • Consider removing information such as testimonials from your own or your suppliers’ websites or social media channels that could lead fraudsters to knowing who your suppliers are.
  • Regularly conduct audits on your accounts.
  • Make all staff aware of this type of fraud, particularly those that make payments.  
  • Ensure warning messages are understood and that appropriate checks, actions and processes are followed to ensure requests are genuine.
  • Sensitive information you post publicly, or dispose of incorrectly, can be used by fraudsters to perpetrate fraud against you. The more information they have about you, the more convincingly they can purport to be one of your legitimate suppliers or employees. Always shred confidential documents before throwing them away.

What to do if you suspect you’ve fallen victim to impersonation fraud

  • If you believe you’ve fallen victim to a CEO fraud attack, contact your bank immediately. They will try to recover the money from the fraudster’s bank account. The quicker you alert your bank, the greater the chance of recovering the funds. 
  • Report it to ActionFraud – the police’s national fraud and cyber crime reporting centre. Even if you’ve not suffered any financial loss, this will allow the police to analyse trends and help them to prevent fraudsters exploiting other companies. You can file a report via their website at www.actionfraud.police.uk
  • Charities affected by fraud should also report it to the Charity Commission as a serious incident.
  • Where appropriate, the Charity Commission can also provide timely advice and guidance.

Protect Your Charity’s Money – Internal Financial Controls

As a trustee you must take steps to make sure that your charity’s money is safe, properly used and accounted for. Every trustee has to do this. Even if your charity has an expert to manage its finances, you are still responsible for overseeing your charity’s money.

Protect your charity’s money

Make sure that money is only spent on what is allowed by the charity’s governing document and policies. If it is not, you and the other trustees need to put it right.

Use the Internal financial controls checklist (MS Word Document, 31.6KB) to help you know you are doing this properly. This will help you make sure that money coming into the charity is:

  • secure and recorded
  • only spent on your charitable purposes
  • at less risk of theft, fraud or cyber crime

Advice on Whistleblowing from the Charity Commission

The Charity Commission is a ‘prescribed person’ under the Public Interest Disclosure Act 1998 (PIDA), which provides the statutory framework for employment protections for charity workers who make a qualifying disclosure (or ‘blow the whistle’) to them about suspected wrongdoing, including crimes and regulatory breaches by their employer.

“Our aim is to make it straightforward for charity workers to bring concerns covered in PIDA to our attention. It is important that they feel able to speak up about a serious wrongdoing they have identified.

We understand how difficult it may have been for them to bring a matter to our attention, and its importance to them. We recognise the value of this information, as workers will have a unique insight into how a charity is operating on a day to day basis.

These disclosures provide us with information that will help us fulfil our regulatory duties.

When opening a case we record the nature of the issue that is raised with us. The most reported issue categories were governance issues, safeguarding, fraud and money laundering.

Whistleblowing disclosures help us detect and prevent concerns within the sector and take steps to put these right. They help create more effective and efficient charities and more generally assist in raising the public’s trust and confidence in charities and the charitable sector.”

You can also report issues to your employer – check your charity’s whistleblowing policy (a Whistleblowing Policy Template can be found here: Whistleblowing-Policy__fraud_site_).

What to report to the Charity Commission

You can report things that have happened, are happening or are likely to happen. Only report issues to them that could seriously harm:

  • the people a charity helps
  • the charity’s staff or volunteers
  • services the charity provides
  • the charity’s assets
  • the charity’s reputation