Update: The NRW's Ministry of Economic Affairs website is now back online, enabling the self-employed and small business owners to once again apply for Coronavirus emergency aid. The NRW police say that, so far, there have been no known cases of hackers successfully managing to siphon funds.
The government of North Rhine-Westphalia (NRW) in western Germany has reportedly lost tens of millions of Euros after hackers impersonated its website for distributing emergency coronavirus funding.
Hackers not only set up a website impersonating the legitimate NRW Ministry of Economic Affairs website but also used the personal details provided by users to file requests and collect funds on their behalf.
The blame has been attributed to NRW officials who had failed to set up a secure method of distributing funds. As opposed to other German states, which have asked users to download a form and mail it or to upload scanned documents in order to verify their identity, NRW only required local applicants to fill out an online form.
This allowed cybercriminals to impersonate applicants who had provided their personal details to the unofficial website and file requests for government aid, replacing only the bank account where funds were to be wired.
The scheme lasted for nearly a month, from mid-March until 9 April, when the NRW government finally took down the website and suspended payments.
However, the damage had already been done. German tech news site Heise reported that prior to the website being taken down, the local police had received 576 official reports of fraud related to the scam.
The situation in NRW is the latest example of hackers using coronavirus-related content in order to reap benefits from the outbreak and subsequent lockdown.
RELATED RESOURCE
2020 report: The threat posed by shadow IoT devices
Unsanctioned IoT devices open a portal for chaos across the network
Last week, Google issued a warning to users working from home during the lockdown about a rise in the number of coronavirus-based phishing attacks, many of which are being sent as emails. The company stated almost two in five phishing attempts over Gmail were now related to COVID-19.
According to the BBC, about £2 million has been lost to coronavirus-related fraud in the UK. Earlier this month, both US and UK cybersecurity officials warned that hackers, some of them potentially state-backed, were using the disruption caused by the coronavirus pandemic to exploit businesses and the wider public.
-
How the UK MoJ achieved secure networks for prisons and offices with Palo Alto NetworksCase study Adopting zero trust is a necessity when your own users are trying to launch cyber attacks
-
Putting small language models under the microscopeITPro Podcast The benefits of small language models are undeniable – but they're no silver bullet
-
Phishing emails target victims with fake vaccine passport offerNews Scammers could steal victims’ personal information and never deliver the illegal goods, Fortinet warns
-
COVID-related phishing fuels a 15-fold increase in NCSC takedownsNews The NCSC recorded a significant jump in the number of attacks using NHS branding to lure victims
-
COVID vaccine passports will fail unless government wins public trust, ICO warnsNews Data watchdog's chief Elizabeth Denham warns that it’s not good enough to claim ‘this is important, so trust us’
-
Fake COVID vaccination certificates available on the dark webNews Fast-growing market emerges for people wanting quick vaccine proof to travel abroad
-
Cyber security firm saw attacks rise by 20% during 2020News Trend Micro found attackers also heavily targeted VPNs
-
Hackers using COVID vaccine as a lure to spread malwareNews Cyber criminals are impersonating WHO, DHL, and vaccine manufacturers in phishing campaigns
-
Website problems slow coronavirus vaccine rollout
News Florida is the epicenter of website issues, as patients struggle with malfunctioning sites and hackers
-
NHS COVID-19 app failed to ask users to self-isolate due to 'software glitch'News The bug is the latest in a long line of errors and glitches to plague the government's contact-tracing app
