German police identified a gang that stole €4M via phishing attacks

Category: Wordpress News
Original source: securityaffairs.co
Read time: < 2 minutes
Sentiment bias: Positive
Sentiment Score: 0.86028
Published: Oct 6th, 2022
German police identified a gang that stole €4M via phishing attacks

Quick Read

Germany’s Bundeskriminalamt (BKA) arrested an individual (24) suspected of having stolen €4,000,000 from internet users via phishing attacks along with a two accomplices who are suspected.
” The police recommend internet users never click on links or open file attachments in emails that appear to be from the bank and urge them to perform some action.
German police arrested one individual suspected of having stolen €4 million from users via large-scale phishing campaigns.
There, the phishing victims were asked to enter their login data and a current TAN, which in turn enabled the fraudsters to see all the data in the account of the respective victim – including the amount of credit and availability.
” The phishing emails were informing the recipients of changes in the bank’s security system and asked them to click on an embedded link that redirected them to a landing page that asked them to enter their credentials and TAN (transaction authentication number).
The phishing campaigns were conducted between October 3, 2020, and May 29, 2021, the gang sent to the victims messaging posing as coming from German banks.
Once obtained the credentials and TAN code, crooks were able to access the victims online banking accounts and withdraw funds.

German police identified a gang that stole €4M via phishing attacks

German police arrested one individual suspected of having stolen €4 million from users via large-scale phishing campaigns. Germany’s Bundeskriminalamt (BKA) arrested an individual (24) suspected of having stolen €4,000,000 from internet users via phishing attacks along with a two accomplices who are suspected. The phishing campaigns were conducted between October 3, 2020, and May 29, 2021, the gang sent to the victims messaging posing as coming from German banks. One of his alleged accomplices (40) was charged with 124 acts of computer fraud, while the police are investigating the third one. “These e-mails were visually and linguistically believable based on real bank e-mails. The victims were informed in these letters that their house bank would change their security system – and their own account would be affected.” reads the statement issued by BKA and shared by BleepingComputer. “The e-mail recipients were thus tricked into clicking on a link, which in turn led to a deceptively real-looking bank page. There, the phishing victims were asked to enter their login data and a current TAN, which in turn enabled the fraudsters to see all the data in the account of the respective victim – including the amount of credit and availability. The perpetrators then contacted the victims and tricked them into revealing further TAN numbers as alleged bank employees. With the TAN, they were then able to withdraw funds from the accounts of the victims.” The phishing emails were informing the recipients of changes in the bank’s security system and asked them to click on an embedded link that redirected them to a landing page that asked them to enter their credentials and TAN (transaction authentication number). Once obtained the credentials and TAN code, crooks were able to access the victims online banking accounts and withdraw funds. According to the German BKA, the suspects also carried out DDoS (distributed denial of service) attackers against the banks to cover up their fraudulent activities. Investigators believe the gang relied on DDoS-for-hire services provided by other cybercriminals. “They are also accused of having carried out so-called DDos attacks on financial institutions and payment card providers in order to obtain further bank data and to cover up their actions. The websites, servers and networks of the companies were overloaded by masses of automated queries, causing the online services to be unavailable or their availability severely restricted.” continues the announcement. “In order to carry out their crimes, the accused are said to have resorted to offers from other cyber criminals who sell various forms of cyber attacks as “Crime-as-a-Service” on the dark web.” The police recommend internet users never click on links or open file attachments in emails that appear to be from the bank and urge them to perform some action. If in doubt, bank customers are recommended to contact their bank advisor personally or obtain information directly from the bank’s website. Follow me on Twitter: @securityaffairs and Facebook Pierluigi Paganini (SecurityAffairs – hacking, phishing)
The Original Article can be found on securityaffairs.co

Recent Wordpress News Articles

CISA Orders Federal Agencies to Regularly Track Network Assets and Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Binding Operational Directive (BOD) that directs federal agencies in the country to keep track of …

Read more here
CISA Orders Federal Agencies to Regularly Track Network Assets and Vulnerabilities
BEC Scammer Gets 25-Year Jail Sentence for Stealing Over $9.5 Million

A 46-year-old man in the U.S. has been sentenced to 25 years in prison after being found guilty of laundering over $9.5 million accrued by carrying out cyber-enabled financial frau …

Read more here
BEC Scammer Gets 25-Year Jail Sentence for Stealing Over $9.5 Million
Five Steps to Mitigate the Risk of Credential Exposure

Every year, billions of credentials appear online, be it on the dark web, clear web, paste sites, or in data dumps shared by cybercriminals. These credentials are often used for ac …

Read more here
Five Steps to Mitigate the Risk of Credential Exposure
Back to Basics: Cybersecurity's Weakest Link

A big promise with a big appeal. You hear that a lot in the world of cybersecurity, where you're often promised a fast, simple fix that will take care of all your cybersecurity nee …

Read more here
Back to Basics: Cybersecurity's Weakest Link
Researchers Uncover Covert Attack Campaign Targeting Military Contractors

A new covert attack campaign singled out multiple military and weapons contractor companies with spear-phishing emails to trigger a multi-stage infection process designed to deploy …

Read more here
Researchers Uncover Covert Attack Campaign Targeting Military Contractors
Latest News
Help & How To's
Around the Web