Charities at risk of online extortion demands
The Charity Commission is issuing this alert to charities as regulatory advice under section 15(2) of the Charities Act 2011.
Trustees, charity professionals and volunteers should be aware of online extortion or ‘ransom’ demands currently affecting UK businesses. This is because charities could also be vulnerable to attack and so are encouraged to be vigilant. This advice is particularly relevant for those charities which operate overseas and/or deal with international partners in high risk zones.
The information contained within this alert is based on reports made during the past week, to Action Fraud, the UK’s national fraud reporting centre.
What to look out for:
-
a number of businesses throughout the UK have received online extortion demands from a group calling themselves ‘RepKiller Team’
-
the group have sent emails demanding payment of between £300 - £500 in Bitcoins [a form of digital or ‘crypto’ currency] by a certain date and time
-
if their demand is not met, they have threatened to launch a cyber-attack against the organisation and damage its reputation by automating hundreds of negative reviews online
-
the demand states that once their actions have started, they cannot be undone
Action to take
If you have received such a demand, or receive one in the future, you are advised to:
-
NOT meet their demands and pay the ransom
-
make a report to Action Fraud on 0300 123 2040 or via their website www.actionfraud.police.uk
-
retain the original emails (with headers)
-
make a note of the attack, recording all times, type and content of the contact
Carl Mehta, Head of Investigations and Enforcement Operations at the commission, said:
Charities need to be aware of the imminent danger posed by this fraudulent group and to take appropriate steps to protect their charity’s assets and good reputation - both of which could be damaged if the ransom demands of the group are met.
I urge all charities, if they suspect they may have fallen victim to such extortion or ransom fraud, to report it immediately to Action Fraud.