Cyber Incident Victim: Red Kite Community Housing
Date:
Aug 2019
Location:
United Kingdom
Summary
A British community housing charity suffered a significant financial loss exceeding $1 million due to a domain spoofing and contractor impersonation scam, where attackers replicated trusted service providers' domains and email threads to deceive staff. The fraud exploited a lapse in internal controls, as a payment verification error was overlooked despite existing safeguards, allowing the theft to proceed. This incident prompted a regulatory downgrade over governance failures and highlighted vulnerabilities in human oversight of security processes.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In late August 2019, Red Kite Community Housing suffered a financial fraud through a domain spoofing and contractor impersonation scheme. Attackers impersonated legitimate service providers by replicating their email domains and mimicking trusted contacts. The criminals inserted themselves into existing email conversations, creating forged threads that appeared to continue legitimate discussions about ongoing services. This deception misled Red Kite staff into believing they were corresponding with verified contractors. The attackers manipulated this trust to redirect a payment of £932,000 (approximately $1 million) to fraudulent accounts. Red Kite had implemented a two-stage payment verification process designed to prevent such fraud, but an error occurred when staff failed to act on a discrepancy flagged during this verification step. This procedural breakdown allowed the fraudulent transaction to proceed undetected until after the funds were transferred.
The incident resulted in immediate financial losses exceeding £900,000 and triggered an ongoing police investigation that remained active as of February 2020. The Regulator of Social Housing (RSH) downgraded Red Kite’s governance rating following the fraud, citing a "basic failure in its system of internal controls." Red Kite publicly acknowledged the oversight in its verification process, describing the outcome as "absolutely galling" and emphasizing that human error contributed to the missed interception opportunity. The organization confirmed no additional technical or operational specifics about the attack vector beyond the email spoofing and procedural failure. Reputational damage accompanied the financial impact, with the RSH mandating improvements to Red Kite’s internal controls to prevent future breaches. The charity, which manages approximately 6,500 homes in High Wycombe, Buckinghamshire, disclosed the incident publicly in January 2020 but did not report further technical or investigative updates beyond the initial statement.