A Charity Defrauded By Email
A UK housing charity has said it is “frustrated and angry” after being targeted by cybercriminals and losing nearly £1m. Red Kite Housing, a charitable community benefit society, has posted a statement explaining that it has had £932k stolen by cyber hackers.
‘To be blunt, we were conned. A sophisticated cyber-crime which had a devastatingly simple result: we have lost money. ..I t is the money that our tenants work hard to entrust us with, and that is what makes it hurt even more. It is made worse by the fact that the amount is more than £932,000.’
It said details have been passed to ActionFraud and police are investigating. No customer data was put at risk. The charity has also strengthened its processes and worked to minimise the impact of the loss. Red Kite’s turnover for the financial year ending 31 March 2019 was £34.9m and it employed 127 full time equivalent staff. It has encouraged others not to make the same mistakes it made, and said: “So learn from our experience, believe us, it is a lesson painfully learned!”
Missed Opportunity to Prevent Fraud
Red Kite Housing said that criminals “mimicked the domain and email details of known contacts that were providing services to Red Kite. Cyber criminals recreated an email thread that misled those who were copied into the email that it was a genuine follow up to an existing conversation. Staff then failed to follow a two-stage process to verify changes to payments, meaning there was a “missed opportunity to shut the door before the money was taken. This is the part that upsets everyone involved.”
In a follow-up statement, the charity said that it could not disclose whether any action had been taken against individuals. But it said it has strengthened systems and processes in the wake of the incident.
“We have continued to build additional security measures into our IT and to review completely all our processes in relation to payments in order to minimise the chance of a single point of weakness occurring in the future,” it said. “Most importantly, we have strengthened further our staff training in the risks.”
Red Kite brought in technology experts to help gather evidence to pass on to the police via UK “ActionFraud, the dedicated police unit that responds to cyber-crime and the police are actively investigating what happened.
Downgraded by Regulator
Red Kite Housing is regulated by the Regulator of Social Housing, which has downgraded its governance score following the incident. The charity is now rated as “G2”, meaning it complies with the rules but needs to improve some aspects. It was previously rated “G1”, which is the highest of four scores. The charity said it was unable to publish details of the incident, which occurred in the summer, until the regulator’s embargo had lifted. In a statement, the regulator said: “Red Kite has experienced a significant financial loss as a result of a fraud due to a basic failure in its system of internal controls.
“Improvements are required to Red Kite’s control framework to ensure that key financial controls are robust, operating in line with established policies and procedures and with appropriate leadership oversight.... The provider has met its co-regulatory obligations in self-referring the matter to the regulator. The regulator is working with Red Kite to address the weaknesses identified.”
Red Kite Housing: Civil Society: Bucks Free Press: Third Sector:
You Might Also Read:
Cyber Crime Is An Increasing Risk For Charities: