20.07.2021 - The number of reports received by the NCSC remains at a moderate level. This week saw several DDoS attacks reported to the NCSC. In addition, the NCSC received reports of an attempted text message scam on Facebook.
DDoS attacks against SMEs leading to extortion
In the last few days, we have received an increasing number of reports from SMEs about DDoS attacks and extortion demands. This increase can be observed globally at the moment. DDoS (distributed denial of service) is an attack on computer systems with the declared aim of disrupting their availability. Attackers threaten to overload the computer systems of the affected SMEs with a large number of requests. The attacked systems are then no longer available or can be used only to a limited extent. This can have far-reaching consequences in the current situation with many employees working from home.
Measures to counter DDoS attacks
DDoS attacks can take place at different levels. In most cases, the attacker sends requests to a single resource, for example a company's web server, from a vast number of hacked systems simultaneously. As a result, the huge volume of requests can no longer be handled, leading to an outage. Generally, a single company cannot cope with such an attack itself and needs help from specialists. The NCSC has compiled a list of preventive measures:
If you have already received such an extortion demand, you should in any case contact your internet provider and discuss any potential defence options with them. Usually, when blackmailers realise that they are not succeeding in their aim, they end their attack. Sometimes the threatened attacks simply do not materialise. In any case, you should report the extortion attempt to your local cantonal police.
- Prepare your company for a potential DDoS extortion attempt.
- Do not respond to the extortion attempt and report it to your local cantonal police.
- Hold firm until the attacker loses interest in you.
YOU HAVE WON! – and the prize is an expensive promotional text message
A brazen fraud attempt was reported to us by an online portal provided by a Swiss company and also by an affected individual. The attacker(s) had used the affected community's Facebook account and copied the contact details of the registered members. They then contacted them directly via Facebook Messenger with a prize notification. The victims were promised one of the latest products from the online portal.
The person contacted was supposed to provide their name and address. It was then announced that the delivery of the prize still required the confirmation of a (chargeable) promotional text message. If the victim clicked on the promotional text message indicated, CHF 99.99 was charged to their phone bill.
The scammers probably assumed that the promised prize would discourage the victims from checking the details of the text message and that they would confirm it without thinking.
- Do not respond to unsolicited messages. If in doubt, contact the sender via an official address.
- Be aware of which of your personal data can be viewed by strangers, and where. Make an effort to be as "low data" as possible in your life.
Last modification 20.07.2021