Week 30: Online fraud with little technical knowledge and a lot of perseverance

31.07.2023 - The NCSC receives many reports concerning typical fraud patterns where IT is used only as a means of committing the crime. Unfortunately, this means that it is also possible for fraudsters with minimal IT skills to launch attacks via the internet. Two typical methods are presented here: advance-fee fraud and requests for financial help from "acquaintances".

The progress being made in the area of digitalisation, especially with the support of artificial intelligence, makes many things possible. Among them, fraudsters with very little technical knowledge but a lot of perseverance can do their worst on the internet. Two current examples illustrate this.

Advance-fee fraud – impersonal via email or personalised with a website

Most advance-fee scams involve messages that promise a donation, an inheritance or a lottery win. Sometimes a purported former soldier sends a message saying that he has hidden a box of gold on an airfield and is now looking for someone who can help him recover it. What all these scams have in common is that first a small amount is to be paid, then an ever larger amount, in order to get the "reward" – which, of course, does not exist.

Very typical advance-fee fraud, in which a well-known Swiss philanthropist is supposedly giving away EUR 1,700,000

Recently, such emails have been sent with a link to a website. The login credentials are also provided, which makes it look as if the email recipients have access to an account that is in their name and already contains some money.

Advance-fee fraud with link and access credentials for a personalised page, which then displays a fictitious account with a credit balance; the promised USD 250 turns out to be several times that amount on the website

However, fees, taxes and much more first have to be paid for withdrawals.

An acquaintance asks for money

There are now millions of datasets on the darknet that also contain user names and passwords. With a little effort, it is possible to find up-to-date datasets that can be misused by attackers. Once the attacker has logged into an email account, for example, he sends a fabricated story to all the contacts listed there, prompting the desired sympathy among the readers. Naturally, a request to donate or advance money follows at the end of the story.

A purported acquaintance talks about his cancer and then asks for an "advance" of CHF 1,000 in iTunes cards, which are typical for this type of fraud, as this payment method cannot be traced

In the same category is a case that is currently reported frequently: a text message arrives, supposedly from a son or daughter whose mobile phone is broken, hence the unknown phone number. A bill apparently has to be paid urgently, but this is not possible because the login credentials for online banking are on the mobile phone.

Chat history supposedly with the daughter in Swiss German. The request to pay two bills is outlined in red. Was this created using AI or do the fraudsters speak Swiss German?

In both cases, the attackers hope that the recipients will fall for the scam and thus pay the requested sum to the attackers.

What all such scams have in common is that they require little technical expertise but are time-consuming. Nevertheless, helpful programs based on artificial intelligence are now available for translating languages.

Recommendations:

  • Ignore such messages.

  • If you have already made contact, end all communication immediately and do not make any payments.

  • If you made a payment, we recommend that you immediately contact the financial institution through which it was made. They may still be able to stop it. We additionally recommend that you contact a local police station and file a criminal complaint.

Last modification 31.07.2023

https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/2023/wochenrueckblick_30.html