The weeks in review

14.05.2024 - Access to many applications on the internet is now protected by two-factor authentication. Smartphones are playing an increasingly important role as a second security factor when logging into online applications. Cybercriminals therefore try to gain access to these devices in order to obtain the login data. A case reported to the NCSC last week shows that entering a password in a phishing attack on an apparently non-critical internet service may nonetheless have serious consequences. It may also undermine the two-factor authentication process.

07.05.2024 - Crowdfunding platforms have revolutionised the way in which creative projects and innovations can generate financial support. However, even these crowdfunding platforms are not immune to fraudulent practices. Fraud attempts can hinder crowdfunding campaigns or diminish the trust of potential donors. It is therefore important that campaign organisers and donors are aware of the risks, remain vigilant and protect themselves against fraud attempts.

30.04.2024 - Classified ad site for buying and selling items have been popular for a number of years – and this makes them interesting to scammers. In fact, classified ad fraud is one of the most commonly reported offences.

23.04.2024 - The NCSC frequently receives reports from victims where the scam emails seem plausible because they happen to match a current situation. In such cases, it is particularly difficult to spot scam emails, as shown by three examples that have been reported to the BACS in recent weeks. However, by following a few basic rules, it is still possible to spot such emails.

16.04.2024 - The NCSC has been monitoring the phenomenon of fake calls from alleged police authorities for nine months now. In the last three weeks, reports reaching the NCSC about this phenomenon have almost tripled and account for the highest number of reports received since the contact point was founded. However, the high number of incoming reports is not all bad.mittlerweile das Phänomen der gefälschten Anrufe von angeblichen Polizeibehörden. In den letzten drei Wochen haben sich die Meldungen zu diesem Phänomen beim BACS nahezu verdreifacht und sind verantwortlich für den höchsten Meldeeingang seit Gründung der Anlaufstelle. Der hohe Meldeeingang ist jedoch nicht nur negativ einzustufen.

09.04.2024 - The finance department receives a supposedly urgent payment request from the boss. The boss explains that if the person in accounts does not make the payment as quickly as possible, there will be serious consequences for the company as it risks losing an important order. The request usually cannot be queried as the boss is then not available. That is generally the scenario in cases of CEO fraud. Most of these attacks are not very sophisticated and easy to spot. However, artificial intelligence and deepfakes do not stop at this rather simple fraud method, as a recent example reported to the NCSC shows.

02.04.2024 - Federal Councillors are highly respected, widely trusted and enjoy a good reputation in Switzerland. Scammers take advantage of this: to lend credibility to their threatening emails, they make them look like they were sent by a member of the Federal Council. The scammers threaten their victims with criminal charges, usually for illegal pornography, unless they pay a certain amount of money.

26.03.2024 - Online shopping has become increasingly popular, and not just since the pandemic. Nevertheless, caution is required: in the worst case scenario, purchases made online may have unwished-for legal consequences. This is illustrated by the case of a man who received a counterfeit branded item.

19.02.2024 - Strong and complex passwords are key when it comes to protecting access to internet services. However, complex passwords have the disadvantage that they are difficult to remember, which tempts many users to either reuse the same password for multiple accounts or create straightforward passwords. This in turn significantly reduces the level of security. It is therefore worth considering using a password manager. However, as an example reported to the NCSC this week shows, that can also have its pitfalls.

12.03.2024 - Most of the phishing-related complaints received by the NCSC relate to emails or text messages designed to look like they originate from Swiss Post, the SBB/SwissPass or banks. In this edition of the week in review, we look at a variation on this theme targeting users of booking.com.

05.03.2024 - Phishing attempts are among the most frequently reported cyberincidents at the NCSC. Cybercriminals use social engineering methods that they tailor to their target groups. For instance, players of the popular video game "Counter-Strike 2" are currently being asked to take part in a fake vote.

27.02.2024 - Classified ad fraud is one of the offences most frequently reported to the police. The fact that new variants continually arise shows that this is a lucrative business for scammers. Three new types of social engineering attacks reported to the NCSC in recent weeks are designed to trick users of the TWINT payment app.

20.02.2024 - Computer games are very popular and, as in real life, not everyone always plays by the rules. The following report explains how searching for ways to cheat a game can end badly.

13.02.2024- The NCSC frequently receives reports of hacked social media accounts or unknown online purchases. In many cases, the scam can be traced back to a hacked email account. Unfortunately, people tend to underestimate the importance of protecting their email accounts.

06.02.2024 - The NCSC was recently notified of a case where hackers managed to break into a person's home network. After encrypting family photos and other personal data, they issued a ransom note demanding a substantial sum of money.