Week 30 in review

03.08.2021 - The number of reports received by the NCSC remained moderate last week. Fake reviews on well-known review sites give victims of investment scams tips and contact details for getting their money back. If victims act on these tips, they are scammed a second time. In addition, fraudsters have been trying to take over other people's WhatsApp accounts by means of voicemail hacking.

New pitfalls for victims of investment fraud

Investment scams are regularly reported to the NCSC, which has repeatedly warned that victims of such fraud are often approached again in a second step after some time has passed. An alleged company or lawyer comes forward and claims to be able to recover the invested money for the victims. The fraudsters demand fees for their "services" and usually do so until the victim is no longer willing to pay. Needless to say, the promised money is never returned and those seeking help are ripped off yet again.

The NCSC became aware of a novel approach in a recent report. There were several entries from supposed victims of an investment fraud company on a portal where users can post information on their experience with companies and rate them. They claimed that they had been victims of fraud, but that they had been able to recover their money thanks to help from a supposed Mr Axel in one case and from an unnamed company in another case.

Of course, this is the same scam mentioned at the start. If the victims get in touch with the contacts provided, they are ripped off a second time.

  • Assume that any assistance offered on the fraudulent sites is likewise fraudulent in nature.

  • Be very sceptical of any offers of help promising to refund you for investment scams.

  • Do not under any circumstances pay for such offers of help.

Takeover of WhatsApp account after voicemail hacking

Last week, the NCSC received a report concerning a hacked WhatsApp account that is a perfect example of the lengths some attackers go to in order to obtain access credentials. It can be assumed that the perpetrators proceeded as follows:

First, the attackers tried to hack into the victim's voicemail. Voicemail can typically be accessed from anywhere, but you need the four-digit password to do so. The attackers then tried several times to guess and enter the password.

After a few failed attempts, however, the password is changed by the telephone provider and the account owner, in this case the victim, receives a text message with the automatically changed new password for each failed attempt. It is unclear how and whether the attackers nevertheless managed to take over the victim's voicemail.

In a second step, the attackers tried to take over the victim's WhatsApp account and link it to another phone number. To do so, they requested the required verification code, which always has to be sent to the owner and then entered on the WhatsApp page. This code can be sent by means other than text message. WhatsApp also offers a function whereby the owner receives a phone call and a computer voice reads out the code. This is where voicemail comes into play.

Message on WhatsApp
Message on WhatsApp

If the owner is unreachable or does not answer at that instant, the message is recorded by the answering machine.

If the voicemail has been hacked and the attackers can access it, it is now possible for them to listen to the WhatsApp code and in this way take over the WhatsApp account completely.

  • Change all default passwords as quickly as possible. Do not choose trivial combinations that are easy to guess.

  • Use two-factor authentication whenever possible. This is sometimes called two-step verification.

  • If you receive suspicious messages from your telephone provider, you should report the incident to them as soon as possible.

Current statistics

woche30_en

Last week's reports by category

Reports per week during the last 12 months

Last modification 03.08.2021

Top of page

https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/wochenrueckblick_30.html