The Charity Commission, the independent regulator of charities in England and Wales, is issuing this alert to charities as regulatory advice under section 15(2) of the Charities Act 2011.
The information contained within this alert is based on reports made during the past month to Action Fraud, the UK’s national fraud reporting centre.
There are 2 prevalent scams to be aware of:
Fraudsters are sending out a high number of phishing emails to personal and business email addresses with the message subject heading ‘Crime Prevention Advice’. Charities could also be at risk from this disturbing new email scam and are encouraged to be vigilant.
The campaign’s primary function appears to be the distribution of powerful malware via a malicious email attachment. The email sender appears to be spoofing a Metropolitan Police email address, showing the sender as ‘firstname.lastname@example.org’. The email contains the text:
‘TO THE GENERAL PUBLIC See attached document to read more about crime prevention advice. Regards, Metropolitan Police Service.’
The email includes an attachment titled ‘11212527.zip’. This attachment contains malicious content which downloads the iSPY key logger to the victim’s device. This key logger records keystrokes, steals passwords stored in web browsers and Skype conversation records, takes pictures via webcam and stores the license keys of software, such as Microsoft Office and Adobe Photoshop.
Fraudsters are sending out a high number of phishing emails to email addresses connected to businesses in the United Kingdom, with the message subject headings ‘Notice of Intended Prosecution’ and ‘NIP - Notice Number’ followed by a combination of letters and numbers.
The campaign’s primary function appears to be distributing Banking Trojan malware through a malicious link embedded within the email. The emails purport to come from the Greater Manchester Police, so will be of most relevance to those charities based in the North West of the UK.
It is believed that the URL hidden behind the line ‘Check The Photographic Evidence’ delivers the GOZI/ISFB Banking Trojan, which is involved in stealing online banking login details from victims. See below for a screen-grab of the scam email: