Phishing Scam Cripples European Emissions Trading

Spiegel Online
02/03/2010

Sneaky cyber-thieves have made millions by fraudulently obtaining European greenhouse gas emissions allowances and reselling them. The scam has hampered trading of the credits, which are seen as an important tool in curbing climate change, in several European countries.

Most Internet users are familiar with the e-mail scam known in the jargon as "phishing." A plausible-looking e-mail arrives in your in-box, supposedly from your bank or a Web site like Ebay, informing you that your account has been "compromised" and that you urgently need to log in to the company's Web site to rectify matters. The catch is that the Web site the e-mail directs you to is a spoof created by the hackers, meaning that anyone who falls for the trick is unwittingly handing over their all-important user names and passwords to the criminals.

Savvy e-mail users know to delete such e-mails straight away. But canny thieves have now used the technique to make money in a very 21st century fashion -- by fraudulently gaining access to companies' greenhouse gas emissions allowances and selling them on.

According to a report in the Wednesday edition of the Financial Times Deutschland, hackers sent e-mails last Thursday to several companies in Europe, Japan and New Zealand which appeared to originate from the Potsdam-based German Emissions Trading Authority (DEHSt), part of the EU's Emission Trading System (EU ETS). Ironically, the e-mail said that the recipient needed to re-register on the agency's Web site to counter the threat of hacker attacks.

[...]