The Charity Commission and Serious Organised Crime Agency (SOCA) are encouraging charities and members of the public to be alert to three types of scam or fraudulent activity which could affect the charitable sector.
The Commission has been working with the SOCA to identify possible threats to charities and to issue practical advice on how to deal with them.
The two organisations have focused in particular on spoof websites, where fraudsters set up websites that mimic well established charities; ‘boiler room’ fraud, where criminals target investors, persuading them to use their savings to purchase bogus stocks and shares; and ‘mass market’ fraud, where fraudsters send what appear to be genuine letters from established companies, instructing people to amend existing records and send their normal payments to a different bank account, which is actually controlled by the fraudster.
The Commission has set out advice to charities and trustees to help them protect their charities from spoof websites and mass market fraud. SOCA has provided advice on how to be aware of ‘boiler room’ fraud.
Andrew Hind, Chief Executive of the Charity Commission, said:”The Commission is concerned to make sure that charities do not leave themselves vulnerable to the same kind of scams that are known to have impacted on private sector companies.”
The Commission acknowledges that the incidence of reported financial crime affecting charities is relatively small compared to the size of the sector. However, when it does happen the impact can be great, and so the regulator believes it is important that charities take this risk seriously.
Spoof websites cropped up during the appeals for assistance following the Haiti Earthquake disaster in January 2010.
The Commission advises that charities provide the following advice to donors or customers who use their websites:
- Always update your information online by using the process you’ve used before, or open a new browser window and type in the website address of the legitimate company’s account maintenance page.
- Be wary of unfamiliar website addresses, as they may not be genuine. Only use the address that you have used before or start at your normal homepage.
- Always report fraudulent or suspicious emails to your Internet Service Provider (ISP). Reporting instances of spoof websites will assist in shutting down these bogus sites before they can do further harm.
- Take note of the header address on the website. Spoof sites are more likely to have an excessively long line of characters in the header, with the business name somewhere in the string, or possibly not at all.
- If you have any doubts about an email or website, make a copy of the questionable website’s URL address and send it to the legitimate business to verify it is genuine.
If charities discover, or suspect, that they are victims of this type of scam, the Commission recommends that they contact the ISP which is hosting the spoof website in order to request that the site be taken down as well as reporting this incident to the Commission and the police.
Share purchase and resale fraud (aka ‘Boiler room’ fraud)
Many of the victims are over the age of 50, so this warning may be of interest to charities providing advice to and working closely with these beneficiaries.
The City of London Police leads nationally on the investigation of boiler room fraud and publishes advice and information on preventing and tackling it.
Mass market fraud
This covers a substantial variety of frauds which rely on letters and emails to reach large numbers of people. In some cases fraudsters pose as legitimate businesses and send what appear to be genuine letters from established companies. These can include customer account details and their current payment information. The letters instruct, for example, tenants to amend existing records and send their normal payment to a different bank account, which is actually controlled by the fraudster. This account may be held with the same bank or a different one.
Any charity which has large numbers of beneficiaries which regularly and routinely make electronic payments for services to the charity may be vulnerable to this type of scam.
The Commission advises that charities in this position should reduce the risk of this type of fraud with the following measures:
- Restrict access to account information on a need to know basis, such as those responsible for processing payments.
- Carry out proper vetting checks on new staff and ensure that these checks have been carried out by companies who supply the charity with agency staff.
- Ensure that beneficiaries and customers as well as staff are clear as to what the charity’s normal business procedure is on communicating important messages to them.
- Ensure that the charity manages beneficiary and client account details in line with current Data Protection guidelines.
Photo: Tony Webster on Flickr.com