Week 1: Bogus hospital website and proposal of hacking services

11.01.2022 - The NCSC kicked off the first week of 2022 with an increased number of reports. Many cases of fake extortion in the name of police organisations again appeared among the reports. A bogus website for an actual hospital also attracted attention, and hackers offered their services via spam emails.

Bogus website for a Swiss hospital

The NCSC regularly receives reports of fraudsters copying well-known web shops in order to lure customers with very cheap offers and then supplying them with inferior goods or no goods at all. It is rather rare that websites which do not offer any goods or services are copied. Last week, however, the NCSC received a report of a bogus website for an actual hospital. The fake website contained the name of the hospital, as well as the correct address and telephone numbers. Yet, the fake website is only available in English – which would be rather unusual for a Swiss hospital's website.

However, the fraudsters changed the contact email addresses provided, and stock photos from the internet and invented texts were used for the staff portraits.

Left: The stock photo used with the details of the hospital's supposed doctor. Right: Two uses of the same stock photo for other advertisements.
Left: The stock photo used with the details of the hospital's supposed doctor. Right: Two uses of the same stock photo for other advertisements.

The intentions behind the scam are not immediately obvious. However, given the elaborate design, the website seems to be intended for targeted fraud and not mass scams. As the website lists a large number of vacancies for almost all occupations, fraud involving fake work permits and overly expensive entry visas for foreign job seekers could be a possibility.

The website lists many advertised jobs for all kinds of occupations.
The website lists many advertised jobs for all kinds of occupations.

It is also conceivable that romance scammers are using the site to give their stories more credibility.

Unfortunately, even when it is obvious that bogus websites like this are being used for fraudulent purposes, it is not easy to remove them from the internet. Most providers and hosts only remove a site in response to legal pressure. Once the site is finally deactivated, the fraudsters quickly move the website to another provider and leave it to continue running there. In this case, it helped that the website imitated a well-known hospital. This meant the real hospital was able to take legal action against the use of its name quickly and inexpensively by means of arbitration.

  • Check a website carefully before you trust it. Use search engines and review sites to do this.
  • Be suspicious if you notice errors in language and if links do not take you to the desired page.
  • You can search for suspicious images online using the reverse image search function.
  • Beware of job offers that require an advance payment. If in doubt, ask the authorities directly.

Hacking services offered by email

Most people imagine hackers wearing hoodies and sitting in front of a computer in a dimly lit room. In a figurative sense, too, these people operate in the dim light of the internet, i.e. on the darknet. This is why several spam emails reported last week were intriguing. Hackers freely offered services for all sorts of purposes (hacking bank accounts, hacking email accounts, hacking Twitter, etc.) and they can be easily reached by email or WhatsApp, via a Canadian number.

Services offered in the email.
Services offered in the email.

We do not know what would happen if contact were to be made. In general, the requested service would have to be paid for in advance in a cryptocurrency. Whether the service would then be delivered is questionable. However, the purported hackers do not need to fear being reported to the police either, as a victim who orders such hacking services would hardly report such a case of fraud to the prosecution authorities.

  • Ignore unsolicited offers that are sent to you.
  • Use your email client's spam filter to block such messages.

Last modification 11.01.2022

Top of page

https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/2022/wochenrueckblick_1.html