French firm conned out of €6.64m by hackers exploiting COVID-19 outbreak

A 39-year old man has been arrested in Singapore for carrying out a business email scam to con a French pharmaceutical company out of €6.64 million who had placed an order for FFP2 surgical masks and hand sanitisers.

Law enforcement authorities in Europe, including Europol and the French Police, had reason to believe that the cyber criminal impersonated a legitimate company and advertised quick delivery of FFP2 surgical masks and hand sanitisers.

A French pharmaceutical company fell for the trap and placed a massive order worth approximately €6.64 million for hand sanitizers and face masks. After it transferred the money to a bank account in Singapore, the company neither received the products nor could it contact the supplier.

French police reported this incident to Europol and with the cooperation of international law enforcement agencies, informed their Singaporean counterparts to trace the cyber criminal. Singaporean authorities arrested him on 25th March and were also able to block part of the payment made by the pharmaceutical company.

“The number of cyberattacks against organisations and individuals is significant and is expected to increase. Criminals have used the COVID-19 crisis to carry out social engineering attacks themed around the pandemic to distribute various malware packages," said Europol.

“Cybercriminals are also likely to seek to exploit an increasing number of attack vectors as a greater number of employers institute telework and allow connections to their organisations’ systems.”

“While many people are committed to fighting this crisis and helping victims, there are also criminals who have been quick to seize the opportunities to exploit the crisis. This is unacceptable: such criminal activities during a public health crisis are particularly threatening and can carry real risks to human lives. That is why it is relevant more than ever to reinforce the fight against crime. Europol and its law enforcement partners are working closely together to ensure the health and safety of all citizens,” said Europol’s Executive Director Catherine De Bolle.

Suspected Nigerian hackers used fake websites to con German health authorities amidst COVID-19 crisis

Earlier this month, law enforcement authorities across Germany, Ireland, the Netherlands and the UK were also able to foil a massive scam that involved cyber criminals setting up fake websites to impersonate legitimate companies that sold face masks. This way, the criminals were able to con German health authorities out of €880,000.

According to Europol, the cyber criminals set up a fake website that impersonated the website of a Dutch company and sealed a deal with German health authorities to supply 10 million face masks. The hackers hijacked and then used legitimate email addresses to communicate with the buyers.

The deal included an initial delivery of 1.5 million masks in exchange for an up-front payment of €1.5 million. The masks were to be transported from a warehouse in the Netherlands to the final destination in Germany. Just before the delivery date, the scammers asked the health authorities to wire €880,000 urgently to a new bank account as the up-front payment of €1.5 million had not been received.

Soon after making the urgent wire transfer, the buyers realised that they were duped as the scammers used a website that impersonated a Dutch company and the legitimate company had no records of the order. Thanks to immediate intervention by law enforcement authorities, the wired money was tracked down and investigators found that €500,000 of those funds had already been sent to the UK and were destined for an account in Nigeria.

"This operation which has already led to two arrests in the Netherlands is ongoing as investigators across Europe are continuing to work on investigative leads with the continued support of Europol and its partners," said Europol.

ALSO READ: COVID-19 related phishing attacks grew by 600% worldwide

MORE ABOUT: