Today is Friday, and for most people this means a chance to daydream about weekend plans, preparing for Eurovision, or listening to this musical masterpiece. Unfortunately for some charities Friday is not quite as joyful, as they fall victim to the various 'Friday afternoon' frauds. Charities can be particularly at risk of falling victims to these scams as charities might have a small team where individuals often work from home, or the charity relies on volunteers in the office, or they have a high turnover of staff with stretched resources.
So what are the Friday afternoon frauds?
Friday afternoon frauds can be varied, and do not always occur on a Friday!
Official looking emails asking for bank transfer:
Often they involve an official looking email from the CEO or another senior staff often asking for a bank transfer or a change of banking information. These emails will often involve common tricks: nearly identical email addresses, the staff signature (remember CEO’s do not need to sign Annual Reports for the Charity Commission as fraudsters can use the website to copy signatures). Often the asking amount is in the low £1000 and are for products/services that a charity would normally use. If any of these emails or letters have phone numbers on them then a quick Google can be useful. Sometimes fraudsters will provide a phone number for a charity to use that will direct to themselves or an accomplice. If you are unsure if the phone number is legitimate do not use it! Also a quick phone call to the CEO if they are working from home can also go a long way to preventing fraud. If in doubt about whether a request for a transaction is legitimate, you can contact your bank for further advice.
Fake bailiffs and phantom debts:
Fake bailiff letters are common and are often written in a way to encourage quick decisions based on fear. Bailiff’s can only recover certain debt (often council related) and debt collectors do not have the same legal powers as bailiffs and will not have special court authorisation to act. Do not feel rushed or intimidated into making a quick decision. If you receive a bailiff notification remember you can check with the local court about whether this has been issued. You can request details of the debt in writing to access its legitimacy.
One charity received invoices from an Eastern European company requesting payment patents on Intellectual Property. They managed to counter this fraud in two ways. First they had an internal system in place that stated how they handled invoices. Second, they read the (very tiny) fine print to see that it confirmed that it was not an invoice, but rather a subscription to the companies’ trademark listing directory. So always read the whole document before any action is taken!
Unfortunately this is not a reference to a new Godzilla film, but rather is a fraud where a group called ‘Lizard Squad’ will either seize data and information, or threaten a denial of service attack which can bring down a charities website. They demand 5 Bitcoins (a form of online currency) by a certain date and time from a charity to stop this extortion. The Charity Commission recently issued a warning on this fraud.
Steps you can take
Do not pay the out any money before you are 100% certain it is legitimate! It is often hard to recover loses from these type of frauds. If you have been subjected to any of the fraud attempts above (whether you fell victim or not) contact Action Fraud and the Charity Commission. Charities can counter this by ensuring that they have proper and adequate online protection. Reassess your how your IT systems are protected, and encrypt any sensitive information. Charities should have internal procedures in place that employees should know about when dealing with financial transactions. Sometimes a simple phone call to the CEO working from home, or you bank can go a long way to preventing fraud. Get Safe Online which is a great resource for understanding online safety for organisations. CFG is also conducting research with the Charity Commission to understand the nature of fraud within the sector. If you would like to contribute to this research then please contact firstname.lastname@example.org
« Back to all blog posts