The government of North Rhine-Westphalia, a province in western Germany, is believed to possess lost tens of many euros after it did not build a secure website for distributing coronavirus emergency aid funding.
The funds were lost following a classic phishing attack.
Cybercriminals created copies of a politician website that the NRW Ministry of Economic Affairs had found out to distribute COVID-19 aid.
Crooks distributed links to their sites using email campaigns, lured users on the sites, and picked up details from locals. They then filed requests for state aid on behalf of the important users but they replaced the checking account where funds were to be wired.
Losses within the tens of many euros
The scheme lasted from mid-March to April 9, when the NRW government suspended payments and took down its website.
Before taking down the web site, NRW police said it received 576 official reports of fraud in reference to this scam, German tech news site Heise said in the week.
German newspaper Handelsblatt also reported that the govt had received quite 380,000 requests for coronavirus government aid, agreeing to form payments in 360,000 cases.
NRW officials said that between 3,500 and 4,000 requests for funding are believed to possess been made fraudulently, German television station Tagesschau reported on Wednesday.
Payments varied between €9,000, for self-employed professionals, to €25,000, for companies with quite 50 employees that had their activity disrupted by the present pandemic.
Based on a rough estimate, the NRW government is currently believed to possess lost between a minimum of €31.5 million ($34.25 million) and up to a maximum of €100 million ($109 million), money representing fraudulent payments made to the incorrect accounts.
Blame falls on NRW officials
An investigation is currently ongoing. Tagesschau reports that NRW prosecutors are currently looking into two phishing websites utilized in the scheme, one among which is wirtschaft-nrw.info.
The blame during this incident falls solely on NRW officials who had not come up with a secure method of distributing funds.
While other German state governments were asking users to upload scanned documents to prove their identity or were asking users to download a form and mail it, NRW was only requiring local residents and corporations to fill a form on its site, with none additional verification of their identity.
The NRW government has re-enabled its coronavirus emergency aid funding website today, and it said that payments are going to be honored going forward as long as the requester’s checking account number matches the checking account number utilized in the past to pay taxes.
Jan G. (pseudonym), a Cologne-based C programmer, told ZDNet today that he would have also fallen for the phishing campaign if he had received the scammer’s email.
“We users can detect phishing sites if we are conversant in the cloned site,” Jan told ZDNet during a call today. “This was a replacement site that no-one had seen before and that we wouldn’t are ready to tell if it had been the important one or not. It explains why numerous fell for it and entered personal data.”
NRW police is now asking users who have filed for coronavirus relief funds but not received funds yet to file a police report.