The Charity Commission, the independent regulator of charities in England and Wales, has issued a warning to charities about malicious ‘phishing emails’.
There are two prevalent email scams for charities to be aware of:
“Crime Prevention Advice” email
Fraudsters are sending out a number of phishing emails to personal and business email addresses with the subject heading ‘Crime Prevention Advice’. Charities could be at risk from this new email scam and are encouraged to be vigilant. The campaign’s main function seems to be the distribution of the iSPY key logger to the victim’s device. This key logger records keystrokes, steals passwords stored in web browsers and Skype conversation records, takes pictures via webcam and stores the license keys of software, such as Microsoft Office and Adobe Photoshop.
“Notice of Intended Prosecution” email
The second scam is sending out phishing emails to email addresses connected to businesses in the UK with the subject heading ‘Notice of Intended Prosecution’ and ‘NIP – Notice Number’ followed by a combination of letters and numbers. The primary function appears to be distributing Banking Trojan malware via a malicious link embedded within the email.
Macmillan Cancer Support has relied on Mimecast for robust email security backed by a 100% anti-virus and 99% antispam SLA for a number of years.
Protecting against Phishing Emails
Charities are urged to protect themselves by checking that their virus protection is up to date, installing software updates as soon as they become available, undertake regular backups of important files and contact your bank immediately if you suspect your details have been accessed.
“Charities need to be aware of the imminent danger posed by malicious phishing emails and to take appropriate steps to protect their charity from cyber-attack – a charity’s valuable assets and good reputation can be put at risk from these dangerous scams,” said Carl Mehta, head of investigations and enforcement at the Charity Commission.
