Week 23 in review

15.06.2021 - The number of reports received by the NCSC was moderate last week. A case of CEO fraud exemplified how important the dual control principle is in preventing loss. Fraudulent emails requesting the payment of supposed parcel and customs fees have been circulating for months. Many such messages coincide with orders that have actually been placed. Although those who report these scams are under the impression that the fraudsters must have access to the systems of the Federal Customs Administration or Swiss Post to do so, this is not the case.

CEO fraud prevented thanks to the dual control principle

The NCSC generally recommends the dual control principle, or joint signatures, as a protective measure for payments. The value of this measure was exemplified in a case reported to the NCSC last week. The fraud began in the usual way with an email request from the purported boss to the finance division asking whether an urgent payment could be made at short notice. The fact that the sender was bogus and that the employee was not actually communicating with his boss was not noticed at first. Communication about the payment arrangements went back and forth until the moment when the actual request for payment to a foreign account was made. As per the process in place, the finance employee then had to obtain the second signature, from his work colleague, to initiate the payment. However, the second person who was now involved noticed the attempted fraud immediately and the payment was not made.

Example of an initial CEO fraud e-mail

Raise all employees' awareness of CEO fraud! Employees in finance divisions and in key positions in particular must be informed about these possible methods of attack. In the case of associations, all presiding members and treasurers must receive training.
All processes which concern payment transactions should be clearly defined internally and complied with by employees in all cases (e.g. dual control principle, joint signature by two people).
In general, do not divulge any internal information and be careful with payment requests. Do not respond to unusual payment requests.

Statistical analysis of bogus parcel notification emails

People reporting these emails note that the requests for payment of customs fees arrived at practically the same time as genuine notifications from Swiss Post stating that parcels were on their way. They therefore believe that there must have been a data leak at the Federal Customs Administration or Swiss Post. The NCSC has received frequent reports of these and similar suspicions in recent months. To date, however, no data breaches have been detected either at Swiss Post or at the Federal Customs Administration. The fact that such emails arrive at the same time as genuine notifications has more to do with statistical factors. There has been a real boom in online orders, particularly in COVID-19 times. Fraudsters have caught on to this and, since the outbreak of the pandemic, have stepped up the sending of bogus parcel notification emails in which they request payment of some kind of fee.

The following example illustrates the high probability of the two messages coinciding:

It can be assumed that an eighth of the Swiss population, i.e. around one million people (for simplicity, this is based on a population of 8 million), place one online order per week. If we also assume that attackers send 100,000 emails to Swiss people every week (a rather low estimate) and that these emails are sent indiscriminately, then an eighth of the recipients will have placed an order that week. From a purely statistical point of view, 12,500 people will therefore receive a corresponding fraudulent email in the same week that they place their online order.

Sending these emails is a large-scale business for fraudsters. They speculate that if they send out as many of them as possible, they will also reach potential victims who are actually waiting for a parcel.

Example of a scam email demanding a fake fee

Ignore parcel notifications that demand the payment of a fee.
If in doubt, and if you really are expecting a parcel, contact the relevant parcel delivery company and ask.
Remember: no reputable company allows its customers to pay fees with paysafecards.

