Current Incidents

Phishing text messages aimed at Revolut customers
The NCSC is currently receiving reports about phishing text messages targeting customers of Revolut. Citing apparent regulatory requirements, the message requests that customers perform an ID verification. To do so, they are supposed to call up a website. Ignore these text messages. Do not enter any passwords on websites that you have reached by clicking on a link.
24.10.2022 16:00
Fake emails in the name of the NCSC
Cybercriminals are currently sending out fake emails in the name of the NCSC. For this purpose, the threat actors are using the domain ncscS .ch (additional S). Do not reply to such emails!
05.07.2022 17:50
Supposed SBB competition
The NCSC is currently receiving numerous reports of a supposed competition run by SBB to celebrate its 120th anniversary and with the possibility of winning CHF 2,000. After answering a few questions, you have to register and a subscription for CHF 14.50 per week is thereby taken out. Ignore this WhatsApp message and do not forward it to your contacts.
10.06.2022 11:20
Spate of call centre phone calls with fake numbers
Call centres are currently making calls using fake numbers that are actually assigned to private individuals. The number owners are now receiving callbacks from other private individuals, who were notified of missed calls. There can be dozens of such calls. Unfortunately, little can be done about this. Based on experience, the waves subside again after a short time.
03.06.2022 09:00
Voice message leads to malware
The NCSC is currently receiving reports of text messages alerting the recipient to a supposed voice message. Anyone who clicks on the link in the text message is taken to a fake website, where the victim is prompted to download the message. In reality, however, it is a case of malware. Do not download this file under any circumstances. Do not click on the link in the text message and delete the message.
10.05.2022 16:05
Text messages with alleged notifications lead to malware
Text messages with alleged (parcel) notifications are currently in circulation. Here are some examples (in German): «S ie haben einen neue Bena chrichtigung!» or «Tr acking: Ihr Paket ist unteowegs». The spaces in some words are typical. Clicking on the link opens a page on which packaged software is supposed to be downloaded. It is actually the FluBot malware. If you have received such a text message, delete it immediately. Do not install the file under any circumstances!
25.03.2022 09:30
Swisscom bills allegedly paid twice
We are currently receiving numerous reports about Swisscom bills that have allegedly been paid twice. These are phishing emails. The attackers are using this method to try to obtain access data to the Swisscom Customer Center, as well as credit card data, including a one-time text message code. Ignore such emails.
25.02.2022 15:00
Threatening emails purported from the police
In recent days, the NCSC has noticed an increase in purported threats made in the name of the police (fedpol, Europol, Interpol). The emails threaten to initiate criminal proceedings against the recipient because he/she has visited websites with child pornographic content. The emails come in several variations. Ignore any such threatening emails.
02.02.2022 11:00
Attacks targeting QNAP network-attached storage (NAS) devices
The NCSC is currently receiving reports of DeadBolt and Qlocker ransomware attacks targeting QNAP NAS devices. They seem to be exploiting a new security vulnerability for which an update does not yet exist. Affected devices should not be accessible from the internet until it is remedied. Install all available updates as soon as possible.
27.01.2022 10:20
Old email communication being used to spread malware
Emails that use old email exchanges known to the recipient are once again being sent. A link to malware is added to the email, which is then resent to the recipient. The mail texts used include, for example (in German), "Bitte lesen Sie dies so schnell wie möglich" or "Bitte schauen Sie sich die angehängte Datei an" "DOKUMENT DOWNLOAD LINK". Do not click on any link and do not open any attachment.
17.12.2021 09:40