05.10.2021 -With the start of the autumn holidays, the NCSC received fewer reports last week. It has observed that fake support call fraudsters have been trying to reach their victims in other ways recently. Ill-gotten money has to be laundered at some stage. The second case describes how people are sought for this.
Browser pop-ups used for fake support
In the case of fake support, the fraudsters call people chosen randomly and pretend to be employees of an IT company such as Microsoft. The discussion aims to convince victims that malware has been found on their computer. The fraudsters then request access to the supposedly infected computer in order to remove the malware. In actual fact, the fraudsters use the access to steal bank data and install malware themselves.
Due to recent amendments to the Telecommunications Act, telephone providers are now legally obliged to block such calls, which makes life more difficult for the fraudsters and means that they have to look for new ways of getting to their victims. And they have found it in the possibility of opening various pop-ups in the browser and displaying warning messages. When a website is opened, dozens of other websites are sometimes called up in order to load further content. In this way, the fraudsters manage to display their own content, such as the warning message below.
Based on the victim's IP (Internet Protocol) address, it is possible to find out in which country the computer is located, and the browser settings enable the fraudulent pop-up to find out not only the operating system installed, but also the language used. Armed with this information, the fraudsters now target the victim, i.e. by citing the correct operating system and a Swiss telephone number. A new pop-up is thus opened and tells the victim to call this Swiss telephone number in the Zurich area.
If you observe such behaviour, please report the internet address of the pop-up and the precise time. The NCSC can use this information to have further investigations carried out by the competent police force.
- Never let yourself be pressured online or by emails.
- Always use an up-to-date browser when surfing the net.
- Use secure browser settings.
- Block pop-ups on your browser; instructions for all current browsers can be found online.
- Use the freely available security services on the internet. Use a secure DNS (domain name system) service such as Quad9. Consult the respective homepage to find out how to set this up on your computer.
Money launderers wanted
The NCSC received an interesting report with a screenshot which actually tells the whole story. The person who contacted us had placed an advertisement on a Swiss classified ad platform to look for work. A person with a Swiss telephone number responded to the advertisement via WhatsApp and claimed to be an interested employer. They were looking for someone who had high moral standards and was honest, serious and modest. The employer explained that he needed someone to collect money from his "creditors" and temporarily deposit it in the worker's own account. Afterwards, the money was to be forwarded to the employer. Of course, this was also to be arranged by contract.
Fortunately, the job-seeker immediately noticed that the work in question was as a so-called money mule. Money mules are people who collect the money obtained from online fraud and transfer it to the fraudsters, thereby disguising the origin of the funds and laundering the money for the fraudsters. Such behaviour is a criminal offence and should definitely be reported to the authorities.
The fraudsters often use fake profiles or hacked accounts to make contact, preferably with a Swiss telephone number, as this creates a sense of trust.
- Be wary of lucrative job offers that propose quick earning opportunities, especially if they come from the internet.
- Never make your bank account available to third parties.
- Do not transfer funds on behalf of others, especially if this is to be done by post or money transfer service.
- Report such job offers to the authorities, stating the precise time of contact.
Last week's reports by category:
Last modification 05.10.2021