Western Germany’s North Rhine-Westphalia (NRW) government has fallen victim to a phishing attack, losing several million euros.

The cybercriminals responsible exploited the current coronavirus pandemic, impersonating a government website used for emergency distribution of COVID-19 crisis funding. The hackers involved established a bogus version of the NRW’s real Ministry of Economic Affairs site and made use of personal details entered by users when filing requests to obtain funds.

Exploitation of an insecure government system

Responsibility for the large-scale theft has been assigned to NRW government officials and their failure to arrange a secure way of distributing crucial funding to those in need. Whereas other states in Germany have asked for applications to be made via mail or have requested scanned supporting documents to confirm identity, NRW regulations only asked applicants to fill in and submit a form online.

This insecure system enabled hackers to impersonate applicants using information they had harvested from the fake NRW website when users filed requests for financial help from the government. To seize the funds allocated, the cybercriminals simply replaced the users’ bank account details with their own and received the wired amounts instead.

An investigation has reported that the phishing scheme was operational for around a month, beginning in mid-March and ending on April 9 following discovery by the NRW, which promptly suspended payments and removed the website. A German site for tech news, Heise, revealed that before the website was removed, over 576 incidents of fraud related to the scam were officially reported to local police.

The rising threat of coronavirus-related phishing attacks worldwide

This is far from the only example of cybercriminals using the coronavirus pandemic and the essential lockdown to reap financial rewards.

In a recent statement issued by Google, users now working at home during lockdown conditions were warned of an increase in COVID-19-based phishing tactics arriving via email.

According to the company’s statistics, Gmail regularly blocks more than 100 million emails containing phishing attacks in a day. The company added that in recent weeks, about 18 million malicious messages have pertained to coronavirus.

Google assured its users that the company’s ML (machine learning) models have already evolved to comprehend and filter this type of cyberthreat. The technology has the capability to block more than 99.9% of phishing, malware and spam from ever reaching those using Gmail accounts. Any email identified as threatening or suspicious is instantly highlighted for users with a red warning banner to raise the alarm, accompanied by the text “this message seems dangerous.”

Closer to home, figures found by the BBC show that here in the UK, around £2m has so far been lost in fraudulent schemes related to COVID-19. Cybersecurity officials in both the UK and the US have made statements warning organisations, institutions and individuals that cybercriminals, some of whom may be state-backed, are using the chaos caused by the current coronavirus outbreak to exploit and extort funds from businesses and the general public.