[ISN] Phishing Scam Cripples European Emissions Trading

[InfoSec News]

http://www.spiegel.de/international/europe/0,1518,675725,00.html

Spiegel Online
02/03/2010

Sneaky cyber-thieves have made millions by fraudulently obtaining 
European greenhouse gas emissions allowances and reselling them. The 
scam has hampered trading of the credits, which are seen as an important 
tool in curbing climate change, in several European countries.

Most Internet users are familiar with the e-mail scam known in the 
jargon as "phishing." A plausible-looking e-mail arrives in your in-box, 
supposedly from your bank or a Web site like Ebay, informing you that 
your account has been "compromised" and that you urgently need to log in 
to the company's Web site to rectify matters. The catch is that the Web 
site the e-mail directs you to is a spoof created by the hackers, 
meaning that anyone who falls for the trick is unwittingly handing over 
their all-important user names and passwords to the criminals.

Savvy e-mail users know to delete such e-mails straight away. But canny 
thieves have now used the technique to make money in a very 21st century 
fashion -- by fraudulently gaining access to companies' greenhouse gas 
emissions allowances and selling them on.

According to a report in the Wednesday edition of the Financial Times 
Deutschland, hackers sent e-mails last Thursday to several companies in 
Europe, Japan and New Zealand which appeared to originate from the 
Potsdam-based German Emissions Trading Authority (DEHSt), part of the 
EU's Emission Trading System (EU ETS). Ironically, the e-mail said that 
the recipient needed to re-register on the agency's Web site to counter 
the threat of hacker attacks.

[...]