Cyber scammers start to use data from public tender register

Computer keyboard,
Computer keyboard, Source: Priit Mürk/ERR

The Information System Authority (RIA) registered 276 internet fraud incidents in June. According to the authority, the number of incidents has remained at a normal level. A new type of billing fraud has started to spread, however, and scammers have started using the details found in the public tender register to pose as the actual tender-winner in some cases.

"The fraudsters took public data in a specific case, the public tender register, which lists the current status and results of international tenders. This way, information about the East-Tallinn Center hospital's tender, which was won by a Lithuanian company, was acquired. The scammers contacted the hospital and presented themselves as the company who had won the tender," Lauri Aasmann, the Head of the RIA Cyber Security Service, explained.

Over several months, €10,000 was as a result defrauded from the hospital.
Using the same handwriting, the criminals tried to cheat money out of another Estonian institution organizing international tenders.

Aasmann said that when paying bills, people need to be more and more careful, because the scammers can be very well prepared.

"They have been doing their homework, and now the companies and institutions have to do the same. Ideally, we shouldn't just keep up with the scammers, we should be ahead of them," Aasmann said.

According to the RIA, a spate of letters lasted throughout June where people were enticed to share their account information in Estonian on unfamiliar pages. The body text of the letters was mostly in English, but the trademarks or other symbols of Estonian institutions and companies were already used in the letter.

So far as the agency is aware, about a dozen accounts from many different companies and institutions were attacked. Hundreds or thousands of e-mails have been sent out of the account, which is set up in such a way that criminals can access the hacked e-mails even after resetting their passwords. Information stolen in this way can later be used to organize billing fraud.

The criminals also had access to an e-mail account of the Estonian Sports Association, and their conversations were monitored for some time. This was interrupted at a time when the coronavirus pandemic made it necessary to repay competition fees due to cancellations of the events. The scammers asked for a change in a bank account, and the association sent "refunds" to the criminals of around €4,000.

As well as trying to get a hold of the account data, there were campaigns using SEB bank's (a Swedish-owned bank) name to steal money from accounts.

In June, RIA found out that the previous May, 27,000 accounts of an advertisement environment had been leaked. Since it is not possible to enter the environment with the same account data, the flaw in the leak is the fact that the same password can be used to enter other accounts. The owner confirmed that he has told the users and the Data Protection Inspectorate about the breach.


Download the ERR News app for Android and iOS now and never miss an update!

Editor: Roberta Vaino

Hea lugeja, näeme et kasutate vanemat brauseri versiooni või vähelevinud brauserit.

Parema ja terviklikuma kasutajakogemuse tagamiseks soovitame alla laadida uusim versioon mõnest meie toetatud brauserist: