German police identified a gang that stole €4 million via phishing attacks

German police arrested one individual suspected of having stolen €4 million from users via large-scale phishing campaigns.

Germany’s Bundeskriminalamt (BKA) arrested an individual (24) suspected of having stolen €4,000,000 from internet users via phishing attacks along with a two accomplices who are suspected.

The phishing campaigns were conducted between October 3, 2020, and May 29, 2021, the gang sent to the victims messaging posing as coming from German banks.

One of his alleged accomplices (40) was charged with 124 acts of computer fraud, while the police are investigating the third one.

“These e-mails were visually and linguistically believable based on real bank e-mails. The victims were informed in these letters that their house bank would change their security system – and their own account would be affected.” reads the statement issued by BKA and shared by BleepingComputer. “The e-mail recipients were thus tricked into clicking on a link, which in turn led to a deceptively real-looking bank page. There, the phishing victims were asked to enter their login data and a current TAN, which in turn enabled the fraudsters to see all the data in the account of the respective victim – including the amount of credit and availability. The perpetrators then contacted the victims and tricked them into revealing further TAN numbers as alleged bank employees. With the TAN, they were then able to withdraw funds from the accounts of the victims.”

The phishing emails were informing the recipients of changes in the bank’s security system and asked them to click on an embedded link that redirected them to a landing page that asked them to enter their credentials and TAN (transaction authentication number).

Once obtained the credentials and TAN code, crooks were able to access the victims online banking accounts and withdraw funds.

According to the German BKA, the suspects also carried out DDoS (distributed denial of service) attackers against the banks to cover up their fraudulent activities. Investigators believe the gang relied on DDoS-for-hire services provided by other cybercriminals.

“They are also accused of having carried out so-called DDos attacks on financial institutions and payment card providers in order to obtain further bank data and to cover up their actions. The websites, servers and networks of the companies were overloaded by masses of automated queries, causing the online services to be unavailable or their availability severely restricted.” continues the announcement. “In order to carry out their crimes, the accused are said to have resorted to offers from other cyber criminals who sell various forms of cyber attacks as “Crime-as-a-Service” on the dark web.”

The police recommend internet users never click on links or open file attachments in emails that appear to be from the bank and urge them to perform some action. If in doubt, bank customers are recommended to contact their bank advisor personally or obtain information directly from the bank’s website.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, phishing)

[adrotate banner=”5″]

[adrotate banner=”13″]