The Charity Commission has issued a warning to be on the lookout for ‘phishing’ emails impersonating charity CEOs. The warning comes after Action Fraud UK, the UK’s national fraud reporting centre, reported an increase in this type of fraud. Charity trustees, employees and volunteers are being told to be aware of ‘requests to your finance department or staff with authority to transfer funds’ which claim to be from a charity’s CEO but are actually from a spoofed email address. Tim Helming, Director of Product Management at DomainTools commented below.
Tim Helming, Director of Product Management at DomainTools:
“The fact that Action Fraud have picked out the charity sector as a potential target for phishing attack is no surprise. The shoestring budgets associated with most charitable organizations, and the understandable prioritization of frontline services over cybersecurity products and training is well known, meaning malicious actors can exploit their lack of funding. Our phishing detection solution, PhishEye, recently revealed a plethora of websites posing as well-known UK charities, which given their associated risk score, are undoubtedly engaging in phishing or malware campaigns, intending to exploit members of the public hoping to donate.
Organizations need to realize that while prioritizing cybersecurity may not be immediately obvious on a tight budget, failing to do so could cause more damage to frontline services in the long-run”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.