Week 16: When chance plays into the hands of scammers

23.04.2024 - The NCSC frequently receives reports from victims where the scam emails seem plausible because they happen to match a current situation. In such cases, it is particularly difficult to spot scam emails, as shown by three examples that have been reported to the BACS in recent weeks. However, by following a few basic rules, it is still possible to spot such emails.

When coincidences occur

In one case reported to the NCSC just last week, several coincidences came together. The victim was expecting a parcel to be delivered. At the same time, they received a fraudulent phishing email stating that a parcel was not able to be delivered because a fee still had to be paid. The victim duly clicked on the link and entered their credit card details to pay the CHF 1.99 fee. The coincidence of these two events is not very surprising. Statistically speaking, it is not at all uncommon for someone expecting a parcel to receive a phishing email about a parcel delivery at the same time. The NCSC has previously published a report on this topic analysing the statistical probability of such cases (Week 23).

In this particular case, however, the scam went further: shortly after entering the credit card details, the victim received a phone call from someone purporting to be a bank security officer to draw attention to a suspicious transaction. As the victim had just provided their credit card details online, they took the call seriously and granted the ‘security officer’ access to their computer using a remote access tool. The security officer then asked the victim to log in to their online banking account. The alleged security officer went through the motions of carrying out a security check while in fact initiating payments were actually made from the victim’s account.

When the report is genuine, but the email is fake

Phishing emails relating to Swisspass are also among the most frequently reported cases. Due to the sheer volume of phishing emails in circulation, coincidences are inevitable here too. In one case, the victim wanted to use the Fairtiq app. When they were in the process of activating their account, they received a message stating that the credit card details had expired. By chance, the person’s credit card had actually passed its expiry date. When the victim checked their email account a short time later, they came across a message saying that their Swisspass account had been blocked and that they needed to click on the link provided to reactivate the account. As the Fairtiq app had issued an error message shortly beforehand, the email seemed plausible so the victim entered their credit card details on the phishing page. This goes to show that someone who would normally have spotted a phishing attempt under normal circumstances can still fall victim to such an attack if coincidence plays a part.

Supposed problems after providing a hotel with a copy of an ID

As we wrote in last week's article, hundreds of calls in the name of fake authorities are currently being reported to the NCSC. It is therefore not surprising that coincidences also arise here too. For example, one person sent a copy of their ID card to a hotel two days before receiving just such a call. When they received a call purporting to be from a police station to say that something was wrong with their ID card and that it was being misused, it sounded plausible at first. The fact that the person calling spoke in English did not initially raise suspicion as the hotel was abroad. It was only as the conversation progressed that the person concerned began to doubt its authenticity and ended the call before reporting the incident to the NCSC.

Coincidences are inevitable, especially when fraudulent emails and calls are doing the rounds in such large numbers. This is a deliberate tactic used by the attackers as increasing numbers of people are now identifying the emails and calls as being fraudulent. They are therefore trying to increase their chances of success by hoping that their mass phishing attacks coincide with genuine situations experienced by their potential victims.


However, by following a few basic rules, you can spot fraudulent emails even in such situations:

  • As a general rule, be sceptical if someone contacts you unsolicited, whether by phone, text message or email.
  • Under no circumstances should you disclose data such as passwords, codes or credit card details in such cases.
  • Passwords, codes and credit card details are never requested by institutions by phone or email.
  • Do not allow anyone remote access to your computer, no matter how plausible it may seem.

Last modification 23.04.2024

Top of page