Charity Data Security: Three Scams to be Aware About and How to Protect Your Charity

By: Cyber Till | Posted on January 12, 2017
Scam warning image - hacker

As the festive holidays close and we feel refreshed (if maybe bloated) and maybe still in a slight holiday mode, it’s time to look at the critical things we need be aware of and take action in the year ahead.

Only last month the Charities Commission issued an alert to charities as regulatory advice under section 15(2) of the Charities Act 2011 based on reports to Action Fraud, the UK’s national fraud reporting centre.

Christmas Day and early January are exceptionally busy e-commerce days as we spend our vouchers and look at things to buy and a prime time for scammers and the phishers who are actively working flat out to try and use our good humour and feelings of wellbeing to trick us.

This can be equally important to charities, we have seen that the industry regulators are warning that cyber security is becoming massively important and undoubtedly it is. The problems lots of charities have particularly the smaller charities, (but lets not forget the big nationals), is that IT is sometimes seen as a second priority and this can be dangerous.

Many charities look to outside companies to provide their technology and that does make ultimate sense from many perspectives but we still see charities purchasing solutions from companies that in themselves, don’t have the necessary security infrastructure to ensure the data remains intact and secure.

Here at Cybertill our Charity Store Product is a true cloud solution and as such we take security very seriously. We have all seen the news and heard stories about what is the best platform to hold your data, we see IT teams admittedly rarely now a days that believe that their internal security can handle all threats, but they aren’t there 24 hours a day, 365 days a year and they don’t spend thousands of pounds never mind millions of pounds constantly managing and securing the data.

That’s where the big benefit (and peace of mind) of using a best of breed cloud provider to secure their organisation 24x7. Few, if any charities can afford to spend hundreds of thousands of pounds every year on top server security to protect the data. That’s where platforms such as CharityStore come into play. Offering massive investment in data security and compliance through Amazon Web Services to host client data within multiple high security, high availability data centres where everything is managed to the latest PCI level 1 and ISO 27001 security standards.

Here at Cybertill CharityStore we ourselves are fully ISO 27001 security accredited to give all our customers the peace of mind that their data is secure. This however does not extend to all providers of IT solutions to charities. We see companies offering supposedly high security Cloud solutions but who don’t publish where the data is nor do they conform in many cases to any security standards and this is a little frightening in this day and age of highly sophisticated hackers and criminals.

Sorry to bring somewhat negative thoughts at this time of year, but it is something we need as an industry to highlight and to promote best practices for all Charities and if we can just spare a minute to think about how we are operating we might just make life a lot more difficult for the less honest and trustworthy among us.   

Three Current Scams to be Aware of
 

  1. 1. ‘Crime Prevention Advice’ email Fraudsters are sending out a high number of phishing emails to personal and business email addresses with the message subject heading ‘Crime Prevention Advice’. Charities could also be at risk from this disturbing new email scam and are encouraged to be vigilant. The campaign’s primary function appears to be the distribution of powerful malware via a malicious email attachment. The email sender appears to be spoofing a Metropolitan Police email address, showing the sender as ‘crime@content.met.police.uk’. The email contains the text:
     
  2. 2. ‘TO THE GENERAL PUBLIC See attached document to read more about crime prevention advice. Regards, Metropolitan Police Service.’ The email includes an attachment titled ‘11212527.zip’. This attachment contains malicious content which downloads the iSPY key logger to the victim’s device. This key logger records keystrokes, steals passwords stored in web browsers and Skype conversation records, takes pictures via webcam and stores the license keys of software, such as Microsoft Office and Adobe Photoshop.
     
  3. 3. ‘Notice of Intended Prosecution’ email Fraudsters are sending out a high number of phishing emails to email addresses connected to businesses in the United Kingdom, with the message subject heading ‘Notice of Intended Prosecution’ and ‘NIP – Notice Number’ followed by a combination of letters and numbers. Its primary function appears to be distributing Banking Trojan malware, through a malicious link embedded within the email. The emails purport to come from the Greater Manchester Police, so will be of most relevance to those charities based in the North West of the UK. It is believed that the URL hidden behind the line ‘Check The Photographic Evidence’ delivers the GOZI/ISFP Banking Trojan which is involved in stealing online banking login details from victims.

The data security issue for charities is one of our biggest priorities and we want to help the sector as much as we can. You have any questions or concerns, please feel free to email rob.finley@cybertill.co.uk.

Comment status: Open

Share this article

 

Subscribe to RSS feeds

Subscribe to Syndicate