That’s exactly what hackers went after last week when they obtained unauthorized access to online accounts where companies maintain their carbon credits, according to the German newspaper Der Spiegel.
When workers entered their credentials into a bogus web page linked in the e-mail, the hackers were able to hi-jack the credentials to access the companies’ Trading Authority accounts and transfer their carbon credits to two other accounts controlled by the hackers.
Under environmental cap-and-trade laws, there’s a limit to the greenhouse gases companies can emit. Companies that exceed this limit can purchase so-called carbon credits from entities that produce fewer greenhouse emissions than the limit provides them.
The scheme has produced a robust market for the trade of credits. More than 8 million tons of CO2 emissions worth $130 billion were traded in Europe last year.
According to the BBC, it’s estimated the hackers stole 250,000 carbon credit permits from six companies worth more than $4 million. At least seven out of 2,000 German firms that were targeted in the phishing scam fell for it. One of these unidentified firms reportedly lost $2.1 million in credits in the fraud.
The credits were resold for an undisclosed sum. The buyers, who likely believed the transactions were legitimate, haven’t been named.
The German Emissions Trading Authority has suspended access to its databases for a week while an investigation is underway.