We’re only into the second month of 2020, and news continues to break of cyber criminals attacking organisations.
The latest cyber crime that has hit the headlines has seen Red Kite Community Housing conned out of more than £932,000, after cyber criminals mimicked their domain and email details of known suppliers.
- Cyber Attacks Persistent Threat to Charities
- Charity Sector At Risk From Cyber Crime
- Australian Bushfire Donations Line Hacker’s Pockets
This elaborate scam, saw hackers recreating email threads, misleading those copied into the email, making them believe they were following up a genuine conversation that had been ongoing.
This cyber crime, which took place in August 2019, has meant the organisation has had its governance rating downgraded by the Regulator of Social Housing (RSH).
In a statement, Red Kite said:
“To be blunt, we were conned. A sophisticated cyber crime which had a devastatingly simple result: we have lost money.
“More importantly, it is the money that our tenants work hard to entrust us with, and that is what makes it hurt even more. It is made worse by the fact the amount is more than £932,000.
“As a community organisation that has built a track record of saving our residents over £33m in the first five years, and almost another £30m on our long-term business plan, it is absolutely galling to lose a £1, let alone the sum involved in this crime.
“What really angers us, though, it that these criminals have purposely targeted a charitable organisation.
“Our IT systems and teams detect and stop attempts to access information and steal data or money every day.
“What happened to us this time was different, and it has brought home to use that you can never drop your guard for a moment, no matter how safe you think your systems are.
“We aren’t going to credit this con as being clever, we don’t want to glorify the criminal responsible. What they managed to do was to expose a weakness using sophistication and human nature to carry out the theft of this money.”
Last month, the RSH made a regulatory judgement public. It highlighted that Red Kite experiences “a significant financial loss as a result of a fraud due to a basic failure in its system of internal controls”. The judgement also urged the organisation to make improvements to prevent the same issue from happening again.
Following on from the data breach Red Kite have upped their cyber security, bringing in an expert to help make some of the improvements issued by the RSH.
Red Kite added:
“We are reassured that our systems were not compromised. However, that does nothing to ease the pain of the situation.
“Our teams have also been working to minimise the impact of this crime, being successfully in renegotiating a financial deal that has saved us an addition £1.1million.
“This doesn’t mean that we sit back and rest on our laurels, it just means that we have been able to compensate for the loss and our residents will not suffer as a result.
“This, we can say with certainty that, as a result of this con, we will not e changing anything we currently support of that we undertake for our community, either now or in the future.”
Police are continuing to work to get the money back.
Red Kite Community Housing, took the reins of all the Wycombe District Council’s housing stock in 2011.
Once again, this cyber attack demonstrates the importance of securing your domain name, using tools such as DMARC to prevent cyber criminals from using your email domains in the way described in this case.