01.06.2021 - Last week, the NCSC received slightly more reports than in the previous week. Notable reports concerned a Swisscom invoice that had supposedly been paid twice. This was a phishing attempt. In addition, a victim of investment fraud was contacted by an alleged "regulator" who promised help.
Phishing emails with Swisscom invoice allegedly paid twice
Phishing emails with the subject "Please check your refund", "Refund reference" or similar have been circulating for some time. The emails claim that the recipients have paid their last invoices twice and that they can apply for a refund. The link in the email, which recipients are supposed to click on for a refund, claims to take them to an official Swisscom webpage. However, the actual link hidden behind it leads to a bogus website with a Swisscom logo and a request to enter their mobile phone number and a password. After entering further requested information, they are taken to another website which asks them to enter their credit card details. Interestingly, there is a link entitled "Phishing info" on the registration page. In addition, the actual phishing page claims that the payment is 100% secure. After entering the credit card details, the user is redirected to a third website where a code which has been sent to the victim by text message is to be entered. This code is used to override the credit card's two-factor authorisation. This last step then allows the fraudsters to carry out the fraudulent transaction. The websites quickly give rise to suspicion because they have texts in different languages, indicate different amounts of money and, probably due to faulty language formatting, display special characters incorrectly.
A typical feature of such phishing attempts is the warning that the refund request must be submitted within 12 hours. The aim is to put recipients under pressure and give them as little time as possible to become sceptical and recognise the fraud. However, it is likely that this is also in the scammers' best interest, as the websites used for the scam are sometimes pulled down again very quickly.
Never divulge personal data such as passwords or credit card details on a website that you have accessed by clicking on a link in an email or text message. Bear in mind that email sender IDs can easily be spoofed. Be sceptical if you receive emails that require action on your part and that carry a threat of consequences (loss of money, criminal complaint or court proceedings, blocking of account or card, missed chance, misfortune, etc.) if you do not do what is required.
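A mail-filter style check for the three traits described above (refund subject, short deadline, link text that names Swisscom while the target is another host), added here as an example and not NCSC code. The `swisscom.ch` allow-list, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumption: the brand's legitimate domain(s); extend per protected brand.
BRAND_DOMAINS = {"swisscom": {"swisscom.ch"}}
REFUND_SUBJECT = re.compile(r"\brefund\b", re.I)
DEADLINE = re.compile(r"\bwithin\s+\d+\s+hours?\b", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def host_matches(host, domains):
    """True only for an allowed domain or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def check_email(subject, html_body):
    """Return the list of phishing traits found in one HTML email."""
    findings = []
    if REFUND_SUBJECT.search(subject):
        findings.append("refund-subject")
    if DEADLINE.search(re.sub(r"<[^>]+>", " ", html_body)):
        findings.append("deadline-pressure")
    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        host = urlsplit(href).hostname or ""
        for brand, domains in BRAND_DOMAINS.items():
            # Visible text names the brand, but the target host is not the brand's.
            if brand in text.lower() and not host_matches(host, domains):
                findings.append(f"link-mismatch:{host}")
    return findings

# Constructed sample message (not a real phishing email).
SAMPLE_SUBJECT = "Please check your refund"
SAMPLE_BODY = ('<p>You paid your last invoice twice. Apply within 12 hours:</p>'
               '<a href="https://swisscom.ch.refund-portal.example/login">www.swisscom.ch/refund</a> '
               '<a href="https://www.swisscom.ch/en/help">Swisscom help</a>')
```

The first sample link places the brand domain at the start of a foreign host name, which a plain substring check would accept; the suffix comparison in `host_matches` rejects it while still allowing genuine subdomains.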
Purported help for a victim of an investment scam
This week, the NCSC received a report concerning a victim of investment fraud who was offered help by an alleged "regulator", i.e. a body that oversees investment companies. In the past, the NCSC often received reports of supposed lawyers, notaries or even law enforcement agencies contacting victims following an investment scam – currently often involving cryptocurrencies – and promising to recover the lost money. In the current case, this help was offered by a purported regulator. In the first stage, a relationship of trust is established and relatively sensitive data such as a copy of an identification document, an IBAN or similar must be provided. The NCSC assumes that certain fees will then be charged in a second step for the purported assistance. It goes without saying that the victim will not receive any help. On the contrary, the victim will be defrauded a second time.
In the reported case, the "regulator" claimed to work for an organisation that supports victims of investment fraud. The organisation indicated is also bogus. Its sophisticated website was only launched in March 2021 and is operated in the Netherlands. The Danish address given on the website is supposed to inspire confidence, as the official public services of the city of Copenhagen are also at the same location.
Be careful if you are suddenly offered help by a third party after a case of fraud. In particular, do not make any further payments, including any purported fees, to recover the money you lost.
Last modification 01.06.2021