Phishing Campaign Claims Tens of Millions of Euros of Government COVID-19 Payouts

A phishing campaign has resulted in losses of tens of millions of Euros for the German North-Rhine-Westphalia (NRW) government. The NRW government’s Ministry of Economic Affairs set up a website for self-employed individuals and businesses in the province to request financial relief due to the 2019 Novel Coronavirus pandemic. Requests could be submitted through the site to receive emergency aid funding.

However, a copycat site was created by scammers on a different domain that closely resembled the site set up by the NRW government. The scammers then conducted a spam campaign offering financial assistance but substituted their own URL in place of the official link to the site. When people responded and submitted claims, the hackers then used that information to submit claims through the genuine NWR website but added their own bank details.

The NRW government issued many payments to those accounts before the scam was detected. The scammers were running their campaign between mid-March and April 9, when the NRW government suspended all payments and took its website offline. The phishing scam is now being investigated and is believed to have involved two separate domains.

According to the German news website, Heise, more than 576 reports of fraud in relation to the scam have been received by the government; however, the figure could be much higher. The German TV station Tagesschau has reported that between 3,500 and 4,000 fraudulent requests are understood to have been made through the website, with payments ranging between €9,000 to €25,000. Losses have been estimated to be between €31.5 million and €100 million.

The websites were highly realistic and were set up on new domains without poor reputation scores, so it is easy to see how users would believe that the websites were genuine. Questions are now being asked about the methods – or lack of them – used by the NRW government to prevent fraudulent claims. Several other German provinces have set up similar programs to provide financial assistance to the self employed and companies during the COVID-19 pandemic, but they have required claimants to submit documentation to prove their identifies, such as scans of official documents. The NRW government only required residents to download a form from the website, complete it, and submit it through the official website.

Had controls been in place to verify identities, the losses may have been avoided and would certainly have been reduced.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of