Email Scammers Targeting Athletics Associations

A number of Icelandic athletics associations have fallen prey to email scams and have lost a considerable amount of money as a result, RÚV reports. Police warn these associations to be on their guard; cybercriminals waged a similar campaign against athletics associations a few years ago and are reusing the same techniques now.

The most common type of scam is that the managing director, an employee, or a volunteer of an athletics association will receive an email that appears to come from their organization’s bookkeeper or director. The email will ask them to make a bank transfer to a foreign bank account and say that this needs to be done within a very short window of time.

The scammers seem to have done considerable homework on their marks. According to Auður Inga Þórsteinsdóttir, director of the National Association of Youth Organizations (UMFÍ), athletics associations with higher revenue are asked to transfer more money than less monied organizations—anywhere from ISK 400,000 [$2,901; € 2,452] to ISK 1 million [$7,253; €6,130]. UMFÍ urges any organizations that are targeted by such scams to report them to the police.

Internet fraud and email scams have cost Icelanders a total of ISK 1.5 billion [$10.88 million; €9.19 million] over the last three years.

Feared Losses of ISK 15 Billion in Past 12 Months

currency iceland

Police authorities in Iceland fear that cybercriminals have stolen up to ISK 15 billion from Icelandic companies and private citizens in the past 12 months, Vísir reports. Although many cases still go unreported, a new law enacted in June will obligate companies providing essential services to report cybercrimes to the authorities.

A conference on cyber security was held by the Ministry of Transport and Local Government yesterday. Speaking at the conference, Karl Steinar Valsson (chief of police of the greater capital area) estimated that companies and private citizens have suffered losses amounting to nearly ISK 1,6 billion in the past two years.

As only a fraction of such cases go unreported, Valsson estimates that actual losses are more extensive.

“If I had to estimate then I would say we could safely add another zero to the current number. Not 1.6 billion but 16 billion. I fear that in the past 12 months we’ve lost between ISK 10 and 15 billion,” Valsson said.

New legislation enacted in June will go into effect September 1, 2020. The law stipulates that companies must report cybercrime to the authorities.

“Important infrastructure, especially in the financial and the energy sector, are required to report cases of cybercrime to the relevant regulatory agencies,” Sigurður Ingi Jóhannsson, Minister of Transport and Local Government, speaking at yesterday’s conference stated.

Sigurður emphasised the importance of increased transparency. Companies must report such cases when the occur: “We must learn to do better on a case-by-case basis.”