Prosecutors accuse three of the accused of commercial computer fraud and computer sabotage. A search and arrest took place at the end of last week.
With a perfidious phishing scam, three fraudsters stole at least four million euros from bank customers. At the end of last week, the Federal Criminal Police Office examined three objects in North Rhine-Westphalia and arrested a suspected 24-year-old in order to enforce an arrest warrant against him. The prosecutors accuse the arrested and two other suspects of having committed commercial computer fraud in numerous cases and computer sabotage in particularly serious cases.
The amount of damage amounts to at least four million euros, explains the BKA in a joint press release with the Cologne public prosecutor’s office (central and contact point for cybercrime NRW) and the Verden public prosecutor’s office (central office for internet and computer crime). [Cybercrime]). They caused the damage through computer fraud: The three men are said to have obtained the money by cheating bank customers, to whom they sent phishing e-mails on a large scale.
First email, then call
The authorities explain that the phishing e-mails resembled real bank e-mails and were credible both visually and linguistically. In the phishing emails, the fraudsters stated that the house bank would change the security system and that the recipient account would be affected. After clicking on a link in the fraudulent email, the recipients ended up on a convincingly fake bank website, which the victims could access after providing their log-in data and TAN.
The scammers gained insight into the account balance and personal data such as contact details. The fraudsters used this to pretend to be bank employees and to surreptitiously obtain further TANs from the victims. They were then able to withdraw money from the victims’ accounts.
The alleged criminals are said to have shared the workload. They would have divided up programming, data processing and telephone calls among themselves. In order to get more bank data and to cover up their actions, they also launched DDoS attacks on financial institutions and payment card providers. To do this, they relied on offers from other cyber criminals who sold various cyber attacks as “crime-as-a-service” on the dark web.
In the proceedings of the Verden public prosecutor’s office, the arrested 24-year-old and a 40-year-old have already been charged at the Hanover Regional Court. The authorities charge them with 124 cases of computer fraud, which they are said to have committed jointly between October 3rd, 2020 and May 29th, 2021 in Hanover and elsewhere.