The Britain-based Red Kite Community Housing charity fell victim to a cyber-scam that resulted in the loss of more than $1 million.
In a statement issued on January 28, the charity firm disclosed the crime took place in August 2019. The scammers had spoofed the domain of a genuine contractor and sent emails to Red Kite. The emails appeared to from contacts who had already won over the charity’s trust.
"In essence, they mimicked the domain and email details of known contacts that were providing services to Red Kite. Through this they managed to recreate an email thread that misled those who were copied into the email that it was a genuine follow up to an existing conversation,” Red Kite explained in its notification.
The firm admitted that a payment verification process put in place to prevent fraudulent transactions proved ineffective when the error it flagged was not actioned.
What actions did the firm take?
Red Kite has hired a cyber-specialist organization to help identify what happened and to find evidence that could be passed onto the police. The firm has reassured that no systems were compromised during the scam. It has taken additional security measures to secure its IT infrastructure and payment processes. Most importantly, it has also strengthened its staff training to minimize the attacks.