Phishing for Carbon Credits

If you invent a new currency, don’t be surprised when the scammers and counterfeiters show up. Especially when your currency is itself a scam.

Hackers Steal Millions in Carbon Credits

The hackers launched a targeted phishing attack against employees of numerous companies in Europe, New Zealand and Japan, which appeared to come from the German Emissions Trading Authority. The workers were told that their companies needed to re-register their accounts with the Authority, where carbon credits and transactions are recorded.

When workers entered their credentials into a bogus web page linked in the e-mail, the hackers were able to hi-jack the credentials to access the companies’ Trading Authority accounts and transfer their carbon credits to two other accounts controlled by the hackers. …

According to the BBC, it’s estimated the hackers stole 250,000 carbon credit permits from six companies worth more than $4 million. At least seven out of 2,000 German firms that were targeted in the phishing scam fell for it. One of these unidentified firms reportedly lost $2.1 million in credits in the fraud.

Wired’s online commenters seem to get it:

Well somebody’s going to rob the taxpayers blind, it might as well be hackers….

Is it illegal to steal [a] fraudulent product?

What’s next? Possibly this:

Dear Sir or Madam.

I found your name on the email listing, I am Ngweke Ndugu, Chief Barrister of the Federal Carbon Bank in Lagos, Nigeria. Recently, I discovered twenty-two millions of U.S. dollars ($22,000,000.00 ONLY) in unclaimed Carbon Credits …

Cross-posted at VladEnBlog