A Charity Defrauded By Email

Uploaded on 2020-03-02 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW

A UK housing charity has said it is “frustrated and angry” after being targeted by cybercriminals and losing nearly £1m. Red Kite Housing, a charitable community benefit society, has posted a statement explaining that it has had £932k stolen by cyber hackers.

‘To be blunt, we were conned. A sophisticated cyber-crime which had a devastatingly simple result: we have lost money. ..I t is the money that our tenants work hard to entrust us with, and that is what makes it hurt even more. It is made worse by the fact that the amount is more than £932,000.’

It said details have been passed to ActionFraud and police are investigating. No customer data was put at risk. The charity has also strengthened its processes and worked to minimise the impact of the loss. Red Kite’s turnover for the financial year ending 31 March 2019 was £34.9m and it employed 127 full time equivalent staff. It has encouraged others not to make the same mistakes it made, and said: “So learn from our experience, believe us, it is a lesson painfully learned!”

Missed Opportunity to Prevent Fraud

Red Kite Housing said that criminals “mimicked the domain and email details of known contacts that were providing services to Red Kite. Cyber criminals recreated an email thread that misled those who were copied into the email that it was a genuine follow up to an existing conversation. Staff then failed to follow a two-stage process to verify changes to payments, meaning there was a “missed opportunity to shut the door before the money was taken. This is the part that upsets everyone involved.”

In a follow-up statement, the charity said that it could not disclose whether any action had been taken against individuals. But it said it has strengthened systems and processes in the wake of the incident.

“We have continued to build additional security measures into our IT and to review completely all our processes in relation to payments in order to minimise the chance of a single point of weakness occurring in the future,” it said. “Most importantly, we have strengthened further our staff training in the risks.”

Red Kite brought in technology experts to help gather evidence to pass on to the police via UK “ActionFraud, the dedicated police unit that responds to cyber-crime and the police are actively investigating what happened. 

Downgraded by Regulator

Red Kite Housing is regulated by the Regulator of Social Housing, which has downgraded its governance score following the incident. The charity is now rated as “G2”, meaning it complies with the rules but needs to improve some aspects. It was previously rated “G1”, which is the highest of four scores. The charity said it was unable to publish details of the incident, which occurred in the summer, until the regulator’s embargo had lifted. In a statement, the regulator said: “Red Kite has experienced a significant financial loss as a result of a fraud due to a basic failure in its system of internal controls.

“Improvements are required to Red Kite’s control framework to ensure that key financial controls are robust, operating in line with established policies and procedures and with appropriate leadership oversight.... The provider has met its co-regulatory obligations in self-referring the matter to the regulator. The regulator is working with Red Kite to address the weaknesses identified.”

Red Kite Housing:        Civil Society:          Bucks Free Press:      Third Sector:       


You Might Also Read:

Cyber Crime Is An Increasing Risk For Charities:

 


 

« The New Battlefield
Cyber Crime Is Over 50% Of All Reported Crime »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Itaccel

Itaccel

IT Accel began a decade ago as a band of technical recruiters who wanted to bring our experience and depth of knowledge to solving complex human resou

Baker McKenzie

Baker McKenzie

Baker & McKenzie is an international law firm. Practice areas include Data & Technology.

Asigra

Asigra

Asigra provides an industry leading cloud backup and recovery software platform called Asigra Cloud Backup.

FIRST Conference

FIRST Conference

Annual conference organised by the Forum of Incident Response and Security Teams (FIRST), a recognized global leader in computer incident response.

ControlScan

ControlScan

ControlScan is a Managed Security Services Provider (MSSP) - our primary focus is protecting your business and securing your sensitive data.

Data Resolve Technologies

Data Resolve Technologies

Data Resolve offer a mechanism through which customers can detect and tackle various kinds of sensitive activities pertaining to data loss and data theft.

Meiya Pico Information Co

Meiya Pico Information Co

Meiya Pico is the leading digital forensics and information security products and service provider in China.

Naval Dome

Naval Dome

Naval Dome provides the first maritime multilayer cyber defense solution for mission critical onboard systems.

Netrix

Netrix

Netrix is a Mexican company specialized in IT Security, with more than 18 years of experience in Managed Services, Professional Services and Turnkey Solutions related to Security.

Kippeo Technologies

Kippeo Technologies

Kippeo is a security systems integrator providing innovative solutions that look at all the parameters and connect all the dots.

VaultOne

VaultOne

VaultOne is a next-generation security solution that addresses security issues from different domains (Password Manager, Secure Access, PAM, Identity Management) as a single, integrated solution.

NSW Cyber Security Innovation Node

NSW Cyber Security Innovation Node

NSW Cyber Security Innovation Node is part of a national network designed to foster and accelerate cyber capability and innovation across Australia.

Team Secure

Team Secure

Team Secure provide Enterprise-grade Cyber Security consultancy, managed security services and cyber security staffing services.

Althammer & Kill

Althammer & Kill

Althammer & Kill offers pragmatic solution concepts for data protection and digitization. We advise in the field of data protection, information security and compliance.

Pistachio

Pistachio

Pistachio is the new evolution of cybersecurity awareness training and attack simulations.

CUBE3 AI

CUBE3 AI

CUBE3.AI is a web3 security platform that provides real-time transaction protection for smart contracts, safeguarding against cyber exploits, fraud, and compliance risks.