Europol shuts down international phishing operation related to COVID-19

Europol announced that it will initiate legal proceedings against 23 people accused of participating in a business email engagement (BEC) operation that would have resulted in losses of up to $1.2 million USD. The charges against the suspects were filed after multiple raids in Ireland, Romania and the Netherlands.

This campaign began with the sending of multiple emails in which attackers announced the sale of fake protective equipment against COVID-19 in 20 different countries. The hackers created multiple email addresses and fake pages similar to the platforms of some legitimate vendors.

In its report, Europol claims that this group mimicked the behavior of medical supplies companies in Asia and Europe, offering very attractive prices in exchange for these anti-COVID-19 kits and requesting an advance payment for the goods to be shipped. Needless to say, the promised merchandise never reached the affected organizations and the money simply disappeared through multiple banking operations carried out by hackers.

Europol adds that this operation was deployed by African citizens residing in various European countries, most using illegal documents or simply as immigrants.

The criminal group reportedly began operating in 2016, although it did not come to the attention of European authorities until 2017. Before the global coronavirus health crisis, these threat actors used other themes for their attacks.

Europol representatives mention that the cooperation of the local authorities is being sought in order to close the case as soon as possible.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.