Face masks are on display in a closed shop in Vienna on March 19, 2020.
Interpol says A multinational scam involving fake email addresses and a cloned website aimed to trick health authorities into handing over $16 million for face masks that didn't exist over the past month.
Two suspects have been arrested in connection with the scam, Interpol announced this week, and it's now the subject of ongoing investigations across Europe.
German health authorities first allocated $16 million to two buyers in mid-March to procure millions of face masks as the country was entering lockdown to slow the spread of COVID-19. The buyers identified a company ostensibly based in Spain selling masks, and made contact using company email addresses.
As it turned out, the company was real, but the website was a fake clone set up by scammers — and the German buyers were in communication with email addresses that had been compromised by the cybercriminals.
"Those arrested in this case had no connections to the medical equipment industry. They were simply experienced fraudsters who saw an opportunity with the outbreak of COVID-19," Interpol Secretary General Jürgen Stock said in a statement.
The suspects allegedly asked the German buyers for a $1.6 million down payment for an initial shipment of 1.5 million masks. The victims of the scam paid that amount, but realized they were being scammed when they received a message the day of the supposed delivery asking for another emergency down payment of over $950,000.
After the buyers alerted the authorities, the $1.6 million transaction was frozen and Interpol tracked down the recipients, who intended to route the payment through the UK to a bank account in Nigeria.
The incident is one high-profile example of a rising trend of scammers using fake emails and misleading websites related to COVID-19 to cash in on health agencies' desperation. Every country on Earth has been hit with a coronavirus-related cyberattack, according to Microsoft, and the majority of scams take the form of phishing attacks where threat actors use fake emails or websites to fool victims.
"They adapted their sales pitches to take advantage of strained supply chains and generate huge profits," Stock said. "Interpol will continue its work on the case — and the many others like it."