Regulatory alert: charities at risk of cyber attack

The Charity Commission

December 13
16:18 2016

The Charity Commission, the independent regulator of charities in England and Wales, is issuing this alert to charities as regulatory advice under section 15(2) of the Charities Act 2011.

The information contained within this alert is based on reports made during the past month to Action Fraud, the UKs national fraud reporting centre.

There are 2 prevalent scams to be aware of:

Crime Prevention Advice email

Fraudsters are sending out a high number of phishing emails to personal and business email addresses with the message subject heading Crime Prevention Advice. Charities could also be at risk from this disturbing new email scam and are encouraged to be vigilant.

The campaigns primary function appears to be the distribution of powerful malware via a malicious email attachment. The email sender appears to be spoofing a Metropolitan Police email address, showing the sender as The email contains the text:

TO THE GENERAL PUBLICSee attached document to read more about crime prevention advice. Regards, Metropolitan Police Service.

The email includes an attachment titled This attachment contains malicious content which downloads the iSPY key logger to the victims device. This key logger records keystrokes, steals passwords stored in web browsers and Skype conversation records, takes pictures via webcam and stores the license keys of software, such as Microsoft Office and Adobe Photoshop.

Notice of Intended Prosecution email

Fraudsters are sending out a high number of phishing emails to email addresses connected to businesses in the United Kingdom, with the message subject heading Notice of Intended Prosecution and NIP - Notice Number followed by a combination of letters and numbers.

Its primary function appears to be distributing Banking Trojan malware, through a malicious link embedded within the email. The emails purport to come from the Greater Manchester Police, so will be of most relevance to those charities based in the North West of the UK.

It is believed that the URL hidden behind the line Check The Photographic Evidence delivers the GOZI/ISFP Banking Trojan which is involved in stealing online banking login details from victims. See below for screen-grab of scam email:

Fake email purporting to be from Greater Manchester Police
Fake email purporting to be from Greater Manchester Police

In both cases, charities are advised to protect themselves in the following ways:

  • ensure charity software has up-to-date virus protection, though it will not always prevent you from becoming infected
  • do not click on links or open any attachments you receive in unsolicited emails or SMS messages - fraudsters can spoof an email address to make it look like its from a trusted source
  • if youre unsure, check the email header to identify the true source of communication - information on how to locate email headers can be found at
  • always install software updates as soon as they become available, as the update will often include fixes for critical security vulnerabilities
  • if your current software does not offer an anti-spyware function, consider installing software which does, as this can detect key loggers
  • undertake regular backups of your important files to an external hard drive, memory stick or online storage provider - however, its important that the device you back up to is not left connected to your computer, as a malware infection could spread to that device too
  • if you suspect your bank details have been accessed, you should contact your bank immediately

If you think your charity has been affected by a phishing scam, or any other type of fraud, you should report it to Action Fraud by calling 0300 123 2040, or visiting

Trustees are advised also to report suspected or known fraud incidents to the Commission at

Serious incident reporting helps the Commission to gauge the volume and impact of incidents within charities and to understand the risks facing the sector as a whole.

Carl Mehta, Head of Investigations and Enforcement at the Charity Commission said:

Charities need to be aware of the imminent danger posed by malicious phishing emails and to take appropriate steps to protect their charity from cyber-attack - a charitys valuable assets and good reputation can be put at risk from these dangerous scams.

I urge all charities, if they suspect they may have fallen victim to phishing scams, to report it immediately to Action Fraud, and to the Commission under its serious incident reporting regime.You can visit for advice and top tips on how to protect your charity against cyber-fraud.

Related Articles


  1. We don't have any comments for this article yet. Why not join in and start a discussion.

Write a Comment

Your name:
Your email:

Post my comment

Recent Comments

Follow Us on Twitter

Share This

Enjoyed this? Why not share it with others if you've found it useful by using one of the tools below: