Germany’s Million Mask Scam Foiled as Organized Crime Goes Online

With coronavirus cramping the usual activities of gangsters, organized crime is increasingly going online, experts said on Thursday, following the bust of a group attempting to sell millions of non-existent masks to German health authorities.

Europol announced this week that authorities and financial institutions in several countries  cooperated in the sting, which targeted fraudsters who used sham email addresses, as well as fake and cloned websites, in an effort to rob the German government of as much as 2.4 million euros. Two people have been arrested in the ongoing investigation.

The attempted robbery highlights how criminal groups have turned to online scams to make up for revenue losses caused by the pandemic, said Lucia Bird, a senior cybercrime analyst at the Global Initiative Against Transnational Organised Crime.

“If you look at some of the types of crimes that have spiked, phishing is one of them,” she said, referring to a scam in which criminals pose as legitimate institutions to convince people to reveal sensitive information such as credit card numbers.

“You can buy a phishing kit online for around $50, and some marketplaces are even offering discounts on cybercrime kits and software given the boom in opportunity,” Bird said by phone from London.

German health authorities realised they had been targeted only after paying a down payment for the masks. Authorities in Germany, Ireland, The Netherlands and the United Kingdom then sprang into action in an operation coordinated by the transnational law enforcement agencies Europol and Interpol.

Working with financial institutions, investigators managed to prevent the funds from reaching their final destination, Nigeria, Europol said.

“We know that Europol are tracking a number of mask-related scams through Europe, and there have been many reports of similar incidents elsewhere,” Bird said. “In a number of these cases, the funds were transferred and not recalled in time, and it remains to be seen if they can be recovered.”

Since the outbreak of the pandemic, OCCRP has reported how the disease has fueled an explosion in cybercriminal activity around the world, from low-level scams like phishing and deceptive advertising, to fraudsters impersonating governments and international health organisations.

The case announced this week by Europol showed a tech-savvy group working across borders to enmesh German health authorities in a sophisticated scam.

German authorities had recruited two private companies, based in Zurich and Hamburg, to procure €15 million worth of medical masks.

The companies – which were legitimate – initially contacted a website registered in Spain and ordered 10 million masks. When the delivery failed to come through, the website referred the companies to a dealer in Ireland, who in turn put them in contact with a supplier registered in The Netherlands.

Following an initial downpayment of 1.5 million euros to secure the first batch, the buyers received an email, ostensibly from the Dutch company, claiming it had not received the money. The fraudulent company demanded an emergency transfer of a further €880,000 to secure the shipment.

After the masks again failed to arrive, the buyers discovered that the Dutch supplier’s site had been cloned by the scammers. The real company had no record of the order or the payments.

A race against time then ensued to stop the transfers before the money was lost. Europol and Interpol coordinated with banks in Ireland, the UK and The Netherlands to freeze the transactions.

The banks were able to return the funds, according to Europol, which said it continues to support the investigation in several European countries.