A Charity Defrauded By Email

Uploaded on 2020-03-02 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW

A UK housing charity has said it is “frustrated and angry” after being targeted by cybercriminals and losing nearly £1m. Red Kite Housing, a charitable community benefit society, has posted a statement explaining that it has had £932k stolen by cyber hackers.

‘To be blunt, we were conned. A sophisticated cyber-crime which had a devastatingly simple result: we have lost money. ..I t is the money that our tenants work hard to entrust us with, and that is what makes it hurt even more. It is made worse by the fact that the amount is more than £932,000.’

It said details have been passed to ActionFraud and police are investigating. No customer data was put at risk. The charity has also strengthened its processes and worked to minimise the impact of the loss. Red Kite’s turnover for the financial year ending 31 March 2019 was £34.9m and it employed 127 full time equivalent staff. It has encouraged others not to make the same mistakes it made, and said: “So learn from our experience, believe us, it is a lesson painfully learned!”

Missed Opportunity to Prevent Fraud

Red Kite Housing said that criminals “mimicked the domain and email details of known contacts that were providing services to Red Kite. Cyber criminals recreated an email thread that misled those who were copied into the email that it was a genuine follow up to an existing conversation. Staff then failed to follow a two-stage process to verify changes to payments, meaning there was a “missed opportunity to shut the door before the money was taken. This is the part that upsets everyone involved.”

In a follow-up statement, the charity said that it could not disclose whether any action had been taken against individuals. But it said it has strengthened systems and processes in the wake of the incident.

“We have continued to build additional security measures into our IT and to review completely all our processes in relation to payments in order to minimise the chance of a single point of weakness occurring in the future,” it said. “Most importantly, we have strengthened further our staff training in the risks.”

Red Kite brought in technology experts to help gather evidence to pass on to the police via UK “ActionFraud, the dedicated police unit that responds to cyber-crime and the police are actively investigating what happened. 

Downgraded by Regulator

Red Kite Housing is regulated by the Regulator of Social Housing, which has downgraded its governance score following the incident. The charity is now rated as “G2”, meaning it complies with the rules but needs to improve some aspects. It was previously rated “G1”, which is the highest of four scores. The charity said it was unable to publish details of the incident, which occurred in the summer, until the regulator’s embargo had lifted. In a statement, the regulator said: “Red Kite has experienced a significant financial loss as a result of a fraud due to a basic failure in its system of internal controls.

“Improvements are required to Red Kite’s control framework to ensure that key financial controls are robust, operating in line with established policies and procedures and with appropriate leadership oversight.... The provider has met its co-regulatory obligations in self-referring the matter to the regulator. The regulator is working with Red Kite to address the weaknesses identified.”

Red Kite Housing:        Civil Society:          Bucks Free Press:      Third Sector:       


You Might Also Read:

Cyber Crime Is An Increasing Risk For Charities:

 


 

« The New Battlefield
Cyber Crime Is Over 50% Of All Reported Crime »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cloudbric

Cloudbric

Cloudbric is a cloud-based web security service, offering award-winning WAF, DDoS protection, and SSL, all in a full-service package.

Executive Women's Forum (EWF)

Executive Women's Forum (EWF)

The Executive Women's Forum is the largest member organization serving emerging leaders and influential female executives in the Information Security, Risk Management and Privacy industries.

Ivanti

Ivanti

Ivanti provide user-centered IT solutions designed to increase user productivity while reducing IT security risk.

ThreatBook

ThreatBook

ThreatBook is dedicated to providing real-time, accurate and actionable threat intelligence to block, detect and prevent attacks.

CSC Digital Brand Services

CSC Digital Brand Services

Our brand protection and security expertise give our customers peace of mind that no matter how fast the digital world changes, their intellectual property and digital assets will be secure.

Next47

Next47

Next47 is a global venture firm, backed by Siemens, committed to turning today's impossible ideas into tomorrow's indispensable industries.

MetaCert

MetaCert

MetaCert’s Zero Trust browser software reduces the risk of organizations being compromised with a phishing-led cyberattack by more than 98%.

Darkbeam

Darkbeam

Darkbeam provides a unified solution to protect against security, brand and compliance risks across your digital infrastructure.

NetTech

NetTech

NetTech’s Managed CyberSecurity and Compliance/HIPAA services are designed to help your company prevent security breaches and quickly remediate events if they do happen to occur.

CybersCool Defcon

CybersCool Defcon

CybersCool is committed to educate and train, re-skill and up-skill the current workforce of various industries and businesses in the knowledge and know-how of cybersecurity.

Diversified Search Group - Alta Associates

Diversified Search Group - Alta Associates

Diversified Search Group is an industry leader in recruiting diverse, inclusive and transformational leadership for clients.

Incyber

Incyber

Incyber is a fully integrated network and cybersecurity solutions provider contracted to safeguard public and private enterprise, high value data and sensitive industries.

CyberXpert

CyberXpert

CyberXpert is your cybersecurity partner for the public and private sector in Belgium.

Simbian

Simbian

Simbian, with its hardened TrustedLLM system, is the first to accelerate security by empowering every member of a security team from the C-Suite to frontline practitioners.

Cyber Unicorns

Cyber Unicorns

Cyber Unicorns is a cyber security consultancy created to help drive cyber security outcomes in the small to medium-sized business space.

Strobes Security

Strobes Security

Strobes is among the world’s first cybersecurity platforms specifically designed for end-to-end continuous threat exposure management.