Weekly review 43

01.11.2021 - The number of reports received by the NCSC has fallen back to a moderate level. Fraudulent calls from supposed employees of mobile phone providers are becoming more common and various formats have emerged in recent weeks. An alleged donation to a charitable organisation by an ostensible Swiss multimillionaire was also a topic for the NCSC.

Calls from supposed employees of mobile phone providers

Recently, the NCSC has been receiving a growing number of reports concerning calls from alleged employees of Swiss mobile phone providers. A few weeks ago, the NCSC was notified about cases in which loyal customers were called and promised bonuses. Last week, two new variants emerged:

In the first case, an alleged Sunrise support employee claimed that the mobile phone number would be blocked if the victims did not pay and provide their credit card details. In this case, the attacker proceeded very cleverly and asked for a picture of the credit card via WhatsApp. Unfortunately for the attacker, the person called had a contract with Swisscom, and not with Sunrise.

The second case likewise involved a call from an alleged Sunrise employee, this time via WhatsApp. This person knew the victim's full name and address, and then wanted to know the IBAN in order to be able to pay out a supposed prize of CHF 20,000. To confirm that he was actually from Sunrise, he logged into the victim's account, changed the password and sent him a recent phone bill. So the attacker had to have access to the victim's account. It is not clear how the fraud would have ended had the victim not become suspicious and ended the phone call. However, it can be assumed that the access credentials had been leaked beforehand via phishing and the attackers wanted to make some money out of this with a scam.

Be sceptical if you are urged via email or over the phone to disclose data, give access to a computer or transfer money.

Charities targeted by advance fee fraud

Charities depend on donations. Fraudsters also take advantage of this fact, targeting them by promising large donations. In order to receive the alleged donation, however, fictitious fees have to be paid first. These are typical cases of advance fee fraud. It is easy to spot these attempts most of the time. However, a case reported to the NCSC last week showed that there are also more professional attempts. Here, the fictitious foundation of a multimillionaire from the canton of Vaud promised EUR 45,000 to a charity. The associated website has a detailed description of the life and background of the alleged benefactor. The multimillionaire allegedly contracted COVID-19, survived and wants to donate 10% of his income to charity every year as a sign of gratitude. Only at second glance are certain inconsistencies apparent, though. Apart from the fact that the pictures and individual texts come from other websites, it is primarily the information about the domain that raises suspicions. This was not activated until 5 April 2021 with a Swedish registrar, and the .club top-level domain is not exactly common for foundations. You would expect to see a .ch or .org domain here instead. The attempt was detected early on and no damage was done.

If a stranger promises you money, it is usually an attempt to defraud you, especially if you first have to pay a fee to get the money.

Website of the supposed foundation
Website of the supposed foundation

Last modification 01.11.2021

Top of page

https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/wochenrueckblick_43.html