13.06.2023 - Every week, the NCSC receives countless reports concerning bogus parcel notifications, claiming that a parcel is being held by Customs and cannot be released until a fee is paid. But what is behind these? Contrary to initial suspicions, phishing sites are not involved. Instead, shady schemers would like to mislead the victims into unknowingly taking out a paid subscription.
Fake parcel notifications are regularly reported to the NCSC. Recent weeks have seen an increase in reports concerning such notifications, with fees amounting to CHF 1.99. After clicking on the link in such an email, a few questions are first asked about the supposed delivery and whether the parcel is to be delivered to the home or workplace, for example. However, no matter what is entered here, a page where credit card details are to be entered always opens at the end. At first glance, this appears to be a typical phishing attempt in which the attackers try to steal credit card details in order to resell them on the darknet. But the approach in the cases observed here is much more perfidious. The fraudsters try to use various tricks to manoeuvre their way into a legal grey area and make the whole process seem legitimate, so that security authorities and providers cannot simply deactivate the sites.
The decisive information is withheld from the victim
A detailed analysis of the page reveals that the upper part is not displayed in full. The scrollbar on the right-hand side actually reveals that there is still something concealed at the top of the page. The fraudsters have specially prepared the page so that this part disappears from the victim's field of vision.
This concealed section indicates in very small print what the page is really for. By submitting their details, the victims confirm membership of an unspecified service, which automatically converts into a paid subscription after a three-day trial period. The membership fee in this case is CHF 65, which is automatically debited to the credit card twice per month. The victims do not realise that the amounts have been charged to their credit card until the end of the month, by which time two membership amounts have already been debited in many cases.
Who reads the general terms and conditions?
A second variant reported to the NCSC last week also resembles a phishing attempt at first glance. But unlike the variant described above, this one requires the user to accept the general terms and conditions (GTC) and tick a checkbox. The scammers speculate that nobody really reads the terms and conditions and that people accept them hoping for the best. However, opening the GTC reveals a detailed list of the country-specific costs of a monthly subscription, which is automatically concluded if the terms and conditions are accepted. The monthly costs are CHF 52.35 for Switzerland. The fee of CHF 1.99 is for the trial phase.
New variants are circulating as well
Such subscription scams are not distributed only via fake parcel notifications; other variants are in circulation as well. The latest variant leads recipients to believe that they have reached their iCloud storage limit and cannot save further files as a result. They are informed that a promotional offer for an additional 50 GB of storage is currently available and that they have to enter credit card details on the following website to verify their Apple ID. Here, too, the victims are redirected to a subscription scam page. The small print refers to a monthly sum charged to the credit card.
Grey area
The operators of such services use these tricks to try to make the offers appear legitimate. They are in a legal grey area, which makes it difficult for the security authorities to take action against such websites and deactivate them. While the process is clearly regulated for phishing sites, it is necessary in a case like this to clarify whether the information concerning a paid subscription was sufficiently clear and was displayed in a sufficiently large font. In any case, the process takes longer than with phishing sites.
- If you provided your credit card details, contact your credit card provider straight away.
- Check your credit card transactions regularly. This will enable you to take immediate action through your credit card company in the event of fraudulent payments.
- Be wary of purported parcel notifications.
- Be particularly careful if you have to give your credit card details in order to access free offers.
- The State Secretariat for Economic Affairs SECO has published an article and a brochure on online subscription scams: https://www.seco.admin.ch/seco/en/home/seco/nsb-news.msg-id-34118.html.
Last modification 13.06.2023