Week 22: Fake telephone numbers and fake invoices

08.06.2022 - The number of reports received by the NCSC was high last week. Aside from the threatening emails supposedly from the police, the NCSC mainly received reports concerning fake telephone numbers. In addition, the NCSC received a tip-off about an invoice manipulation scam that targeted a company's customers.

Growing number of reports regarding alleged missed calls

Last week, the NCSC received dozens of reports from angry citizens complaining about persistent calls from private individuals, who simply wanted to return a missed call. What was behind these cases?

The missed calls were made by call centres using fake numbers that are actually assigned to private individuals. In the case of fraudulent calls or calls from dubious call centres, it is common practice to fake the phone number by displaying an innocuous Swiss number, thereby enticing the recipient to answer the phone. However, the actual owners of the numbers are virtually flooded with callbacks if the same caller numbers are always used. Some of those who submitted a report received up to 50 calls per day. Unfortunately, little can be done about this.

In unregulated telephone networks (unlike in Switzerland, where telephone providers are regulated by OFCOM), a caller can use any caller number by using an appropriate program. This method can be used to make arbitrary calls to Swiss landlines and the mobile network, for example. The number defined by the attacker is not checked by the telephone providers, and is instead relayed one-to-one and shown on the display. Based on experience, the floods of calls fortunately subside again after a short time.


  • Contact your telephone provider to discuss measures if the calls do not stop after several days.

Business email compromise (BEC) also targeting customers

In the case of business email compromise, the fraudsters hack into companies' email accounts and search for existing correspondence containing an invoice. Then, the IBAN indicated in the invoice, to which the amount is to be paid, is changed by the fraudsters and the email is resent to the recipient with some more or less plausible reason.

Up until now, this type of fraud was mainly used with companies that have partners or suppliers abroad. The invoices in those cases are correspondingly high and it is easier to explain a change of IBAN in international business. However, a report from last week showed that the attackers are now targeting smaller companies and their customers as well. One reason is likely to be that more and more companies are sending their customer invoices directly via email and no longer by post.

In the case at hand, a customer bought a used car from a garage. The invoice for over CHF 18,000 was sent via email. After a short time, the customer was instructed to transfer the amount to another account for logistical reasons. The email account was hacked in this case and the fraudsters then had access to the customer's invoice and were able to manipulate it. The email access credentials are usually stolen in advance by means of phishing.

  • Raise all employees' awareness of these possible methods of attack, especially phishing attempts.
  • Ignore unusual payment requests. Be particularly sceptical if money is suddenly to be transferred to a different IBAN.
  • Check whether the IBAN and billing address match. In the case mentioned, the amount of the invoice from the Swiss company was to be transferred to a foreign account.
  • In the case of unusual requests, check by telephone that the request is genuine.

Last modification 08.06.2022

Top of page