The Charity Commission has warned charities that they could find themselves the targets of two email scams designed to install malicious software on their systems.
The commission has issued a regulatory alert about the two scams, which it said was based on reports made over the past month to the fraud reporting centre Action Fraud.
The first message, with the subject line "Crime Prevention Advice", appears to be from a Metropolitan Police email address, showing the sender as firstname.lastname@example.org.
The email reads: "TO THE GENERAL PUBLIC See attached document to read more about crime prevention advice. Regards, Metropolitan Police Service."
The commission said the message includes an attachment containing malicious content that downloads to the victim’s device a key logger that records keystrokes, steals passwords stored in web browsers and takes webcam pictures.
The other message, which has the subject "Notice of Intended Prosecution" or "NIP – Notice Number", is designed to look like it comes from Greater Manchester Police and appears to be set up to install malicious software, or malware, that will steal online banking login details from victims, the regulator said.
The commission advised charities to ensure they do not click on links or open attachments from unsolicited sources, although fraudsters are able to make emails look like they have come from trusted senders.
The regulator also advised charities to keep their virus protection up to date, although that would not always prevent systems from becoming infected, and to regularly back up important files to an external source.
Carl Mehta, head of investigations and enforcement at the Charity Commission, urged charities to report any suspected phishing scams to Action Fraud and the commission under its serious incident reporting regime.
"Charities need to be aware of the imminent danger posed by malicious phishing emails and to take appropriate steps to protect themselves from cyber-attack," he said. "A charity’s valuable assets and good reputation can be put at risk from these dangerous scams."