Fraudsters may have stolen tens of millions of euros earmarked for German COVID-19 financial aid after a province failed to properly check the identity of applicants, according to Handelsblatt. The cybercriminals used a classic phishing scheme: First, they created a copy of the official website used by the North Rhine-Westphalia (NRW) province to distribute coronavirus aid to businesses and self-employed folks. Then they launched an email campaign to lure users to the phony website and steal their credentials. Finally, the scammers requested financial aid on behalf of those individuals while using their own bank accounts.
The scheme went on for around three weeks until April 9th, when the local government temporarily suspended payments and took its site offline. In the meantime, police received 576 official fraud reports, with payments varying from €9,000 to €25,000. That means the government may have lost between €31 and €100 million (around $34 to $109 million).
The problem apparently happened because the NRW government — unlike other German state governments — failed to request scanned identity documents. Rather, applicants merely had to fill out forms on the website with no additional verification. The government has now put its coronavirus funding website back online (with additional ID verification in place) and will only honor previous funding requests if the applicant’s bank account was already on record.
A programmer in Cologne told ZDNet that he might have fallen for the scam too, as the NRW government created an all-new and unfamiliar website. “This was a new site that nobody had seen before and we wouldn't have been able to tell if it was the real one or not,” the unnamed person said. “It explains why so many fell for it and entered personal data.”