04 Feb עופר איתן Divulges: British Charity Loses almost £1m in Domain Spoofing Scam
Scammers posing as service providers have cheated Buckingham-based charity Red Kite Community Housing out of more than £932,000.
Those behind the theft hoodwinked the charity into believing them to be contacts that had previously won the trust of the organisation.
The tenant led charity owns and manages around 6,500 homes across High Wycombe. It said the fraud will not impact on tenants’ rent costs.
“What they managed to do was to expose a weakness using sophistication and human nature to carry out the theft of this money,” a spokesperson for the charity said.
“In essence, they mimicked the domain and email details of known contacts that were providing services to Red Kite. Through this they managed to recreate an email thread that misled those who were copied into the email that it was a genuine follow up to an existing conversation.
“We still had an additional safety net in place; a two-stage process to verify changes to payments and accounts which ordinarily would have caught this attempt.
“This, however, proved to be our weak point, with an error being made by the clear process not been actioned, resulting in a missed opportunity to shut the door before the money was taken. This is the part that upsets everyone involved.”
The scam took place in late August of 2019 and is currently under investigation by police. At the time, the charity brought in a cyber-specialist organisation to help identify what had happened and to bolster their cybersecurity.
Any information the group uncovers will be shared with police to assist in their ongoing investigation.
As a result of the incident, the charity has had their governance rating downgraded by the Regulator of Social Housing (RSH) from G1 to G2.