The government of Germany’s North Rhine-Westphalia (NRW), a province in western Germany, lost tens of millions of euros following a typical phishing operation.
The cybercriminals could commit the fraud, as the NRW government failed to deploy a secure website for distributing Coronavirus financial aid money. The attackers created copies of an official website that the NRW Ministry of Economic Affairs had set up for dispensing funds to carry out the hack.
The criminals first distributed fake links using phishing email campaigns and collected details from citizens. Then, they used to file requests for government aid on the official website on behalf of the real users. However, they would replace the original bank details with bank account numbers where funds were to be deposited.
According to the authorities, the fraud scheme started from mid-March and lasted until April 9, when the NRW government suspended payments and officially took down its website. The government acknowledged that they had received 576 reports related to the fraud scam, German tech news site Heise reported.
The German newspaper Handelsblatt reported that the government received more than 380,000 requests for coronavirus financial aid, of which it approved only 360,000 requests.
Out of these 360,000 requests, some 3,500 to 4,500 were fraudulent requests for financial aid, said NRW officials, reported German TV station Tagesschau.
The government was making payments of €9,000 to each self-employed professional and €25,000 to any organization with more than 50 employees whose business was disrupted due to the current coronavirus pandemic.
It is estimated that the NRW government lost a minimum of €31 million ($34.25 million) and up to a maximum of €100 million ($109 million) in the phishing scam.
The NRW government has currently launched a police investigation and are looking into two phishing websites used in the scheme, one of which is wirtschaft-nrw.info.
Hubertus Heil, labour minister, said all fraudsters will be investigated and prosecuted. “Most people will behave decently and the black sheep that are committing fraud, we will catch them, and we will punish them,” he told German state broadcaster ARD TV.
Following the suspension, the NRW government has again re-enabled its coronavirus emergency aid funding website for the self-employed individuals and small business owners in Germany. They have been asked to reapply online for coronavirus-related state emergency aid in NRW.
“The emergency aid has started again,” NRW Minister for Economic Affairs Andreas Pinkwart (FDP) said las Friday. The application form is available online again at noon from soforthilfe-corona.nrw.de . “Please only use this page, because this is the only safe one,” Pinkwart appealed.
The payments going forward will be honoured only if the requester’s bank account number given matches with those deposited with the tax authorities. However, the payout process will continue to remain digital, as speed remains a top priority, said the minister.
Additionally, NRW police is requesting users who have filed for coronavirus relief funds but not yet received it to file a police report.
?#Corona: UPDATE zum vorläufigen Stopp der NRW-Soforthilfe 2020 // Hintergründe zum aktuellen Ermittlungsstand und alles, was Antragsteller nun wissen müssen ??https://t.co/mfCd2vboW8 @IM_NRW pic.twitter.com/GaubKg25EH
— Wirtschaft.NRW (@WirtschaftNRW) April 9, 2020