The administration of German lnder of North Rhine-Westphalia suffered the theft of several million dollars by some hackers / scammers who managed to intercept a part of the funding allocated by the government to support those who, between companies and freelancers, found themselves in difficulty with the overthrow of the crisis linked to COVID-19 pandemic.
The scam is consumed by exploiting a traditional Phishing scheme: The criminals first created a copy of the official website that North Rhine-Westphalia put online to distribute aid to businesses and freelancers. After making the puppet site accessible, the attackers started an email campaign to attract users and steal their login credentials.
Now having the credentials of various companies and professionals to impersonate them and access the legitimate website, the scammers have sent requests for direct financial aid to their bank accounts to the government of the Lnder. Given the obvious bad faith of the scammers, part of the responsibility also for the administration of the German Lnder, which unlike the other regions has failed to verify the actual identity of the applicants by sending an identification document.
With the Phishing campaign running until April 9, when the local government suspended payments and took the website offline, the criminals managed to make between 3,500 and 4,000 funding requests, for amounts between 9,000 and 25,000 euros, at least according to the data reported by Handelsblatt. In total, a very rough estimate based on these numbers tells us that the government may have lost an amount between a very wide range of 31-100 million euros, having already made payments to the scammers' accounts.
In addition to the slip on the non-verification of identity, the fraudulent mechanism was successful because the official North Rhine-Westphalia website for the request for completely new financing and being a site that no one has ever seen before, it was impossible to determine whether on the website there were bogus elements out of place that made one suspect something.
The government of the Lnder has now put the legitimate site back online, implementing an identity verification, and indicating that it will honor payments on previous requests only if the applicant's bank account matches that already present in their database and used in the past for the payment of the taxes.
