Charity Commission warns charities of potential scams

Charity Commission Logo


(Immediate release 28 July 2010)

The Charity Commission, the independent regulator of charities in England and Wales, is taking action to help charities and members of the public to be alert to scams or fraudulent activity which could affect the charitable sector. The Commission has been working with the Serious Organised Crime Agency (SOCA) to identify relevant warnings on issues which could affect charities, and to offer advice. These include:

  • spoof websites - where fraudsters set up websites that mimic well established charities;
  • ‘boiler room’ fraud – where criminals target investors, persuading them to use their savings to purchase bogus stocks and shares;
  • ‘mass market’ fraud - where fraudsters send what appear to be genuine letters from established companies, instructing people to amend existing records and send their normal payments to a different bank account, which is actually controlled by the fraudster.

The Commission has set out advice below to charities and trustees to help them protect their charities from spoof websites and mass market fraud. SOCA has provided advice on how to be aware of ‘boiler room’ fraud.

Andrew Hind, Chief Executive of the Charity Commission, said:

“We are pleased to have worked with SOCA on these alerts and warnings to avoid potential criminal abuse of the charity sector, by helping people know what to look out for. The Commission is concerned to make sure that charities do not leave themselves vulnerable to the same kind of scams that are known to have impacted on private sector companies.”

SOCA fraud expert Colin Woodcock said:

“Scams cost the UK billions every year, and the criminals behind them are plausible and endlessly inventive. No-one, including the charity sector, should think they are immune. SOCA is attacking the problem in many ways. Our work with partners, particularly overseas where many of these scams originate, is helping to squeeze the routes that criminals use to target the UK. But there is also a huge impact to be made through increased awareness. Following some simple advice can be the key to making sure the criminals don’t succeed”.

The incidence of reported financial crime affecting charities is relatively small compared to the size of the sector. However, when it does happen the impact can be great, and so it is important that charities take this risk seriously.

The voluntary nature of charities and their nature and areas of work can make them vulnerable to people who want to misuse charities for their own gain. Financial crimes such as fraud, theft, and money laundering, or the loss of electronic data can result not only in significant loss of charitable funds but also in damage to the public trust and confidence in charities more generally. One way in which charities can protect themselves against fraud generally is to ensure they have proper financial and other controls in place.

1. Spoof websites

Many companies have been victims of a type of internet fraud where fake websites are set up to mimic well established companies. The victim will enter credit card details or other valuable personal financial information, believing it to be a genuine site. This is a growing problem which affects the profits and reputation of businesses, and contributes to a rise in identity theft, credit card fraud and other internet frauds. Criminals also infringe trademarks, logos and UK copyright laws in these scams.

The Commission saw some evidence of this during the appeals for assistance for the Haiti Earthquake disaster. The Commission advises that charities provide the following advice to donors or customers who use their websites:

  • Always update your information online by using the process you’ve used before, or open a new browser window and type in the website address of the legitimate company’s account maintenance page.
  • Be wary of unfamiliar website addresses, as they may not be genuine. Only use the address that you have used before or start at your normal homepage.
  • Always report fraudulent or suspicious emails to your Internet Service Provider (ISP). Reporting instances of spoof websites will assist in shutting down these bogus sites before they can do further harm.
  • Take note of the header address on the website. Spoof sites are more likely to have an excessively long line of characters in the header, with the business name somewhere in the string, or possibly not at all.
  • If you have any doubts about an email or website, make a copy of the questionable website’s URL address and send it to the legitimate business to verify it is genuine.

If charities discover, or suspect, that they are victims of this type of scam, the Commission recommends that they contact the ISP which is hosting the spoof website in order to request that the site be taken down as well as reporting this incident to the Commission and the police.

2. Share purchase and resale fraud (aka ‘Boiler room’ fraud)

‘Boiler room’ fraud is not directed against organisations but against individuals. Organised criminals target investors, persuading them to use their savings to purchase bogus stocks and shares. The unwitting victims are promised profits which never materialise. The potential victims of ‘boiler room’ fraud include experienced investors, moderate savers, the elderly and the vulnerable.

Many of the victims are over the age of 50, so this warning may be of interest to charities providing advice to and working closely with these beneficiaries.

The City of London Police leads nationally on the investigation of boiler room fraud and further detail, including information on what ‘boiler room’ fraud is, can found here: http://www.cityoflondon.police.uk/

3. Mass market fraud

This covers a substantial variety of frauds which rely on letters and emails to reach large numbers of people. In some cases fraudsters pose as legitimate businesses and send what appear to be genuine letters from established companies. These can include customer account details and their current payment information. The letters instruct, say, tenants to amend existing records and send their normal payment to a different bank account, which is actually controlled by the fraudster. This account may be held with the same bank or a different one.

Any charity which has large numbers of beneficiaries which regularly and routinely make electronic payments for services to the charity may be vulnerable to this type of scam.

Suggestions for protecting your data

If your charity regularly receives regular electronic payments, then the following advice could help reduce the risk of this type of fraud:

  • Restrict access to account information on a need to know basis, such as those responsible for processing payments.
  • Carry out proper vetting checks on new staff and ensure that these checks have been carried out by companies who supply you with agency staff.
  • Ensure that your beneficiaries and customers as well as your staff are clear as to what your normal business procedure is on communicating important messages to them.
  • Ensure that you manage your beneficiary and client account details in line with current Data Protection guidelines. Further detailed information on the subject can be found on the Information Commissioner’s website www.ico.gov.uk

End.

For further information on this story, please contact the press office.

PR52/10

Notes to Editors

  • The Charity Commission is the independent regulator of charities in England and Wales. See www.charitycommission.gov.uk for further information or call our contact centre on 0845 300 0218.

Top of page

© Crown Copyright

© 2012 Crown Copyright          Copyright Notice, Disclaimer and Privacy Statement