Nasty fraud by sending phishing emails: The Federal Criminal Police Office (BKA) today searched three properties in North Rhine-Westphalia at the request of the Cologne public prosecutor's office, Central and Contact Office for Cybercrime NRW (ZAC NRW). An arrest warrant requested by the Verden (Aller) Public Prosecutor's Office - Central Office for Internet and Computer Crime (Cybercrime) and executed by the Hanover Regional Court was executed against a 24-year-old German citizen and he was arrested. He and two other defendants are accused of having committed commercial computer fraud in a large number of cases and, in particularly serious cases, computer sabotage. The BKA was supported in the police measures by emergency services from the state of North Rhine-Westphalia.

Four million euros in damage caused by computer fraud

In the investigations carried out by the two public prosecutors' offices, which are being carried out in cooperation with the police departments specializing in this area of ​​crime at the Hanover Police Department and the BKA, the accused are accused of having caused at least four million euros in damage through computer fraud.

Fraud by sending phishing emails!

The three men are said to have obtained the money by defrauding bank customers to whom they sent phishing emails on a large scale. These emails were visually and linguistically credibly based on real bank emails.

In these letters, the victims were informed that their bank would be changing its security system - and that their own account would be affected. The email recipients were tricked into clicking on a link, which in turn led to a deceptively real-looking bank page. There, the phishing victims were asked to enter their login details and a current TAN, which in turn enabled the fraudsters to see all the data in the respective victim's account - including the amount of credit and contact details. The perpetrators then contacted the victims and, as alleged bank employees, tricked them into disclosing additional TAN numbers. With the TAN they were then able to withdraw money from the accounts of the injured parties.

The accused are said to have divided the necessary work steps, including programming, data processing and telephone calls, among themselves. They are also accused of carrying out so-called DDoS attacks on financial institutions and payment card providers in order to criminally obtain additional bank data and to conceal their actions. Massive automated queries overloaded the companies' websites, servers and networks, causing online services to become inaccessible or severely restricting their accessibility. In order to carry out their crimes, the accused are said to have resorted to offers from other cybercriminals who sell various forms of cyberattacks as “crime-as-a-service” on the Darknet.

The cooperation between the various authorities in this procedure also shows the strong networking between investigators in the area of ​​cybercrime in order to prevent such fraudulent acts.

The 24-year-old and a 40-year-old have already been charged in the proceedings by the Verden public prosecutor's office at the Hanover regional court. They are accused of 124 acts of computer fraud, which they are said to have committed jointly between October 3rd, 2020 and May 29th, 2021 in Hanover and elsewhere.

The investigators warn: Cybercriminals use highly professional phishing emails.

These are usually the gateway for cybercrimes. In the current case, the forgeries could hardly be distinguished from professional bank emails, which also contributed to the high amount of damage. Bank customers should never click on links or file attachments in what appear to be emails from their bank. If in doubt, contact your bank advisor personally or find out more directly on your financial institution's website. If you become a victim of a crime, report it to the relevant police immediately.

The investigations against the accused at ZAC NRW are ongoing. No further information about the procedure can be provided at this time. Attention is drawn to the continued presumption of innocence.

Source:

Federal Criminal Police Office

Also read: Warning of a new scam related to phishing – fraudsters create digital cards

Tips on how you can protect yourself from phishing emails and scammers:

  1. If you are contacted by a supposed representative of your bank and pressured to provide an update, for example, you will immediately become suspicious. Contact your bank immediately using the usual contact details and question the measure.
  2. Do not transmit personal or confidential information (such as passwords or transaction numbers) via email. Never follow a link to log into your online banking. Only access this using the method you know.
  3. Always make sure who you are dealing with. For links and websites, check the address bar in your browser. You should become suspicious if there are even the slightest deviations.
  4. Do not click on the link provided in an email sent. Instead, try accessing the pages specified in the email via your bank's homepage (without typing them in the address bar).
  5. Only follow requests in emails to download programs if you can find the corresponding file on the company's website (do not start a download via the direct link). In particular, do not open attached files.
  6. Use antivirus programs and firewalls.
  7. Always end the online session with your bank by logging out or logging out. Do not just close the browser window or go to another website before logging out.
  8. Check your account balance and account transactions regularly. This means you can react quickly if unwanted actions have taken place.
Sign up for the Mimikama newsletter

Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )