Germany arrests hacker for stealing €4 million via phishing attacks

Germany arrests hacker for stealing €4 million via phishing attacks​

September 30, 2022
10:31 AM ET 7:31 AM PT

Germany's Bundeskriminalamt (BKA), the country's federal criminal police, carried out raids on the homes of three individuals yesterday suspected of orchestrating large-scale phishing campaigns that defrauded internet users of €4,000,000.
One of the three individuals, a 24-year-old German citizen, has been arrested and charged, while a second one, a 40-year-old, was also charged with 124 acts of computer fraud. Investigations on the third suspect are still ongoing.
Based on the evidence gathered by the German Computer Crime Office, the phishing operations attributed to the charged men were committed between October 3, 2020, and May 29, 2021.

€4 million operation​

The three men obtained money from their victims by sending them phishing emails that were clones of messages from real German banks.
BKA comments that the forgery was very high quality and almost impossible to distinguish from genuine bank emails.
The emails informed the recipients of imminent changes in the bank's security system, inevitably impacting their accounts.
To ensure they could continue using the bank's services, the victims were requested to log in to a phishing website, thus handing over their credentials to the crooks.
Additionally, the victims were asked to enter their TAN (transaction authentication number), which is a one-time code for online transactions, enabling the hackers to access their e-banking accounts and withdraw funds.
As mentioned in BKA's announcement, the threat actors even performed DDoS (distributed denial of service) against the banks, hoping this would help cover up their fraudulent transactions.
"The websites, servers, and networks of the companies were overloaded by masses of automated queries, causing the online services to be unavailable or their availability severely restricted," explains BKA's announcement (machine translated).
"In order to carry out their crimes, the accused are said to have resorted to offers from other cybercriminals who worked on the dark net, selling various forms of cyber attacks as crime-as-a-service."
If you receive an email alleging to be from your bank and asking you to take action to resolve a problem, do not click on any of the embedded buttons or URLs.
Instead, open a new tab, use a search engine to visit the bank's official site, and log in to the customer portal to review any alerts or notices.
Finally, never enter account credentials before you have confirmed that the domain you landed on is the real one.

 

[DVDR_Dog]

It appears that law enforcement in Europe may have cracked the Crypto code and seeing where it ends up.
Here are the two flaws with these phishing schemes:
If someone suddenly acquires a large amount of money they usually can't help themselves by buying loads of expensive things.
Now here's the big one. These schemes require multiple back and forth communications. Even if you utilize multiple VPNs, etc., if law enforcement has a warrant they can be waiting for the communication to happen and they already know where it's going to end up.
My company is a big supplier of VoIP communications among other communications. Two weeks ago we had a visit from 3 agents from Homeland Security All I know is that they were looking for someone who abused our communications network.
Russia has no reciprocity agreements with other companies so electronic crime/ copyright violations are unenforceable by any other country, the only major country in the world that allows that activity outside their own boundaries.
So as these forensic tools are starting to be developed, more and more people will be caught and the charges and prison time associated with these crimes are massive.
Russian cybercriminals will continue to be a huge problem. I have heard rumors that cybercrime is a very lucrative profession in that country and has virtually no enforceable ramifications to the perpetrators as long as they remain inside Russia's borders.
Oddly enough just about every other country has severe penalties for crimes that AFFA has posted above. China for example swats computer criminals like flies.