The information in this alert is based on reports made to Action Fraud, the UK’s national fraud reporting centre, and follows previous advice from the Commission about the threat from CEO fraud.
CEO fraud and how are gift cards used to commit this
This fraud involves the fraudulent impersonation of a senior figure within a charity, often the Chief Executive Officer (CEO) with subsequent requests for the fraudulent transfers of funds by the charity to the fraudster’s bank account (see the Charity Commission regulatory alert about CEO fraud.
Action Fraud are reporting a new variation on this type of fraud whereby charities are targeted by fraudsters falsely claiming to be the CEO (or a similar senior position within the charity) requesting that gift card vouchers be purchased for staff as a form of Christmas gift.
Once the vouchers have been purchased, the fraudster requests copies of the cards and their codes, allowing the fraudster to spend up to the value of the card.
Contact is typically made by email, usually from a spoofed or similar email address as the one the CEO or director of the charity would use.
What you need to do
- ensure that you have robust processes in place to verify and corroborate all requests requiring a payment or transaction
- get in touch with the purported originator directly, using contact details you know to be correct, to confirm that the request you have received is legitimate
- all employees should be aware of these procedures and encouraged to challenge requests they think may be suspicious
- sensitive information you post publicly, or dispose of incorrectly, can be used by fraudsters to perpetrate fraud against you. The more information they have about you, the more convincingly they can purport to be one of your legitimate employees – always shred confidential documents before throwing them away