A Charity Defrauded By Email

A UK housing charity has said it is “frustrated and angry” after being targeted by cybercriminals and losing nearly £1m. Red Kite Housing, a charitable community benefit society, has posted a statement explaining that it has had £932k stolen by cyber hackers.

‘To be blunt, we were conned. A sophisticated cyber-crime which had a devastatingly simple result: we have lost money. ..I t is the money that our tenants work hard to entrust us with, and that is what makes it hurt even more. It is made worse by the fact that the amount is more than £932,000.’

It said details have been passed to ActionFraud and police are investigating. No customer data was put at risk. The charity has also strengthened its processes and worked to minimise the impact of the loss. Red Kite’s turnover for the financial year ending 31 March 2019 was £34.9m and it employed 127 full time equivalent staff. It has encouraged others not to make the same mistakes it made, and said: “So learn from our experience, believe us, it is a lesson painfully learned!”

Missed Opportunity to Prevent Fraud

Red Kite Housing said that criminals “mimicked the domain and email details of known contacts that were providing services to Red Kite. Cyber criminals recreated an email thread that misled those who were copied into the email that it was a genuine follow up to an existing conversation. Staff then failed to follow a two-stage process to verify changes to payments, meaning there was a “missed opportunity to shut the door before the money was taken. This is the part that upsets everyone involved.”

In a follow-up statement, the charity said that it could not disclose whether any action had been taken against individuals. But it said it has strengthened systems and processes in the wake of the incident.

“We have continued to build additional security measures into our IT and to review completely all our processes in relation to payments in order to minimise the chance of a single point of weakness occurring in the future,” it said. “Most importantly, we have strengthened further our staff training in the risks.”

Red Kite brought in technology experts to help gather evidence to pass on to the police via UK “ActionFraud, the dedicated police unit that responds to cyber-crime and the police are actively investigating what happened. 

Downgraded by Regulator

Red Kite Housing is regulated by the Regulator of Social Housing, which has downgraded its governance score following the incident. The charity is now rated as “G2”, meaning it complies with the rules but needs to improve some aspects. It was previously rated “G1”, which is the highest of four scores. The charity said it was unable to publish details of the incident, which occurred in the summer, until the regulator’s embargo had lifted. In a statement, the regulator said: “Red Kite has experienced a significant financial loss as a result of a fraud due to a basic failure in its system of internal controls.

“Improvements are required to Red Kite’s control framework to ensure that key financial controls are robust, operating in line with established policies and procedures and with appropriate leadership oversight.... The provider has met its co-regulatory obligations in self-referring the matter to the regulator. The regulator is working with Red Kite to address the weaknesses identified.”

Red Kite Housing:        Civil Society:          Bucks Free Press:      Third Sector:       


You Might Also Read:

Cyber Crime Is An Increasing Risk For Charities:

 


 

« The New Battlefield
Cyber Crime Is Over 50% Of All Reported Crime »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cyber Security Experts Association of Nigeria (CSEAN)

Cyber Security Experts Association of Nigeria (CSEAN)

Cyber Security Experts Association of Nigeria (CSEAN) is a not for profit group of professionals in the field of Information Security in Nigeria and Diaspora.

Cyber Together

Cyber Together

Cyber Together is dedicated to advancing the cyber security industry by giving businesses access to Israel’s leaders, innovators and great minds in the field of cyber security.

edgescan

edgescan

edgescan is a cloud-based continuous vulnerability management and penetration testing solution.

Jeffer Mangels Butler & Mitchell LLP (JMBM)

Jeffer Mangels Butler & Mitchell LLP (JMBM)

JMBM is a full service law firm providing counseling and litigation services in a wide range of areas including cyber security.

Coalition

Coalition

Coalition combines comprehensive insurance and proprietary security tools to help businesses manage and mitigate cyber risk.

Rublon

Rublon

Rublon protects endpoints, networks and applications by providing trusted access via two-factor authentication (2FA).

Huntress Labs

Huntress Labs

Huntress provides managed threat detection and response services to uncover and address malicious footholds that slip past your preventive defenses.

doIT Solutions

doIT Solutions

doIT solutions specialize in IT security and infrastructure, security automation, data center, and cybersecurity.

ProLion

ProLion

ProLion provides Data Integrity solutions that ensure organisations’ data remains secure, compliant, manageable and accessible.

Agile Defense

Agile Defense

Agile Defense is an Information Technology services provider, delivering leading-edge Digital Transformation solutions to the Federal Government.

Project Cypher

Project Cypher

Project Cypher leverages the latest cybersecurity developments, a world class team of hackers and constant R&D to provide you with unparalleled cybersecurity offerings.

Mindcore Technologies

Mindcore Technologies

Mindcore provide cyber security services, managed IT services and IT consulting services to businesses in NJ, FL, and throughout the United States.

Security Awareness Special Interest Group (SASIG)

Security Awareness Special Interest Group (SASIG)

The Security Awareness Special Interest Group (SASIG) addresses the human aspects of security and fraud prevention in an initiative to improve trust and confidence in the online environment.

Reaktr.ai

Reaktr.ai

Reaktr.ai is founded on the vision of using AI as a catalyst to propel industries into a future where we redefine what's possible. Fortify your cybersecurity defense with our AI-powered platform.

Smartcomply

Smartcomply

Smartcomply is an automated and AI-powered cybersecurity and compliance platform that aids businesses in reducing the time and money spent on cybersecurity and compliance.

SECQAI

SECQAI

At SECQAI we create dual-use hardware and software to enable the future of computing.