A Charity Defrauded By Email

A UK housing charity has said it is “frustrated and angry” after being targeted by cybercriminals and losing nearly £1m. Red Kite Housing, a charitable community benefit society, has posted a statement explaining that it has had £932k stolen by cyber hackers.

‘To be blunt, we were conned. A sophisticated cyber-crime which had a devastatingly simple result: we have lost money. ... It is the money that our tenants work hard to entrust us with, and that is what makes it hurt even more. It is made worse by the fact that the amount is more than £932,000.’

It said details have been passed to ActionFraud and police are investigating. No customer data was put at risk. The charity has also strengthened its processes and worked to minimise the impact of the loss. Red Kite’s turnover for the financial year ending 31 March 2019 was £34.9m and it employed 127 full-time equivalent staff. It has encouraged others not to make the same mistakes it made, and said: “So learn from our experience, believe us, it is a lesson painfully learned!”

Missed Opportunity to Prevent Fraud

Red Kite Housing said that criminals “mimicked the domain and email details of known contacts that were providing services to Red Kite”. Cyber criminals recreated an email thread that misled those who were copied into the email into believing that it was a genuine follow-up to an existing conversation. Staff then failed to follow a two-stage process to verify changes to payments, meaning there was a “missed opportunity to shut the door before the money was taken. This is the part that upsets everyone involved.”

In a follow-up statement, the charity said that it could not disclose whether any action had been taken against individuals. But it said it has strengthened systems and processes in the wake of the incident.

“We have continued to build additional security measures into our IT and to review completely all our processes in relation to payments in order to minimise the chance of a single point of weakness occurring in the future,” it said. “Most importantly, we have strengthened further our staff training in the risks.”

Red Kite brought in technology experts to help gather evidence to pass on to the police via the UK's ActionFraud, the dedicated police unit that responds to cyber-crime, and the police are actively investigating what happened.

Downgraded by Regulator

Red Kite Housing is regulated by the Regulator of Social Housing, which has downgraded its governance score following the incident. The charity is now rated as “G2”, meaning it complies with the rules but needs to improve some aspects. It was previously rated “G1”, which is the highest of four scores. The charity said it was unable to publish details of the incident, which occurred in the summer, until the regulator’s embargo had lifted. In a statement, the regulator said: “Red Kite has experienced a significant financial loss as a result of a fraud due to a basic failure in its system of internal controls.

“Improvements are required to Red Kite’s control framework to ensure that key financial controls are robust, operating in line with established policies and procedures and with appropriate leadership oversight.... The provider has met its co-regulatory obligations in self-referring the matter to the regulator. The regulator is working with Red Kite to address the weaknesses identified.”

Sources: Red Kite Housing, Civil Society, Bucks Free Press, Third Sector

