21.03.2023 - In CEO fraud attempts, attackers gather data from public sources in advance. They usually use company websites that list their employees and their functions. However, data on social media platforms can also be used for such fraud attempts, as shown by a case reported to the NCSC last week that targeted a company's HR department.
14.03.2023 - Two years ago, the first NCSC weekly review was published. It was the start of a weekly series in which we report on the latest cyberincidents. Each week, we provide various tips on how to protect yourself and what to do in case of an incident. Including today's, more than 100weekly reviews have been published. The NCSC would like to thank all its readers for their interest. The current review shows what risks arise when disposing of or passing on computers, smartphones and USB sticks. The number of reports received by the NCSC fell sharply last week as the wave of fake extortion is now easing.
13.03.2023 - New ways of working are being introduced in many companies and organisations. For example, employees increasingly have the option of working away from the office and accessing the network remotely. However, remote access technologies carry certain risks. For this reason, it is important to observe a few security rules, both at home and on the road. Below you will find some tips on what you can do to make your mobile workspace more secure.
07.03.2023 - The number of reports received by the NCSC increased again in the ninth week of 2023, with 871 reports, the highest number received this year and the fourth highest in its history. Threatening emails purportedly from authorities accusing the recipient of a criminal offence accounted for the largest share. Now, the NCSC is often being given as the sender of these scam emails. Reports of phishing have also increased in the last three months. This week, a case of real-time phishing was discovered, which seeks to exploit second-factor authentication.
02.03.2023 - In many types of fraud, the attackers demand personal details such as name, address and telephone number. In some cases, they also ask for an IBAN or ask the victim to send a copy of a passport or ID card. A widespread myth is that it is possible to hack an online banking account with this information alone.
28.02.2023 - The number of reports received by the NCSC rose again in the eighth week of 2023. Phishing messages in both email and text message form are among the cyberphenomena most frequently reported to the NCSC. In most cases, they are simple standard phishing attempts. However, last week saw a few very sophisticated and original variants being reported. This included apparent voice messages, password-protected phishing PDFs and phishing websites disguised as special offers on belated motorway tax sticker purchases.
21.02.2023 - The number of reports received by the NCSC fell slightly in the seventh week of 2023. The NCSC received an increasing number of reports of encrypted VMware ESXi systems and urgently recommends that all updates be applied. In addition, emails attracted attention in which it was claimed that the recipient's social security benefits would be stopped. However, a daily amount could be won in a competition. Other emails claimed that the minimum pension will be increased and that credit card details were needed for this.
14.02.2023 - The number of reports received by the NCSC remained at the same high level last week. Attacks on Microsoft Office365 accounts stand out. These accounts are often secured with a second factor and are therefore harder to hack. So attackers are going to considerable lengths, using real-time phishing to obtain login credentials nonetheless. They use the stolen credentials to send phishing emails or for business email compromise attacks.
07.02.2023 - The number of reports received by the NCSC rose slightly in the fifth week of 2023, with 726 reports. In a phishing case reported last week, the attackers promise to activate a fast 6G network. This phishing attempt is very sophisticated and comprises a number of stages. The attackers even use stolen personal details from the victim's client portal.
06.02.2023 - Launched by the European Commission, Safer Internet Day takes place every year in February to promote a common awareness of safe and responsible use of digital media. In Switzerland, the Youth and Media national platform and the National Cybersecurity Centre, among others, use this day to raise public awareness. Thanks to the mnemonic S-U-P-E-R, internet users can easily check and optimise their cyberspace conduct.