30.11.2021 - Today, on Computer Security Day, the NCSC looks back on another week that saw an increase in the number of reports received. The familiar fake support scam is now being perpetrated in cases of investment fraud. The well-known phishing attempts made in the name of Swiss Post are also appearing in a new guise. The scammers pretend to be a chatbot from the postal service.
Computer Security Day
Computer Security Day has been held on 30 November since 1988. In order to commemorate this day fittingly, the NCSC encourages you to raise awareness about the importance of cybersecurity in your company, among your acquaintances and in your local community. It is a good opportunity to update your software, check your antivirus protection and make sure that regular backups of your data are made.
In addition, you could also give the outside of your computer some care today, for example, clean the screen and remove any crumbs from the keyboard. Once this is done, the digital cleaning tasks such as checking the antivirus protection will be much easier. The NCSC wishes you and your computer all the best!
Fake support calls now also lead to investment scams
Almost everyone with a landline has received a call from a supposed Microsoft employee. Typically, the callers say that your computer has been infected with malware and that they need access to the device. However, it would appear that the longer this scam goes on, the less it works. In order to make more people fall for the scam again, the fraudsters have developed a new ploy: they say that the person being called was granted an account containing CHF 250 in a court case. Since this sum was invested in bitcoin a few years ago, the account is now worth around CHF 30,000. In order to transfer the money, an account has to be opened at a cryptobank or a frozen account has to be reactivated.
In order to "help" those called get the money, they are asked to install software (e.g. AnyDesk or TeamViewer) that allows the scammers to access their computer. In addition, the fraudsters ask for details of the victims' bank accounts and credit cards so that the amount supposedly owed can be transferred to the right place.
The callers use all manner of psychological tricks to wrap their victims around their little fingers, and are not afraid to make open threats.
- Never allow yourself to be put under pressure on the phone.
- End such calls immediately and block the number.
- Do not give anyone remote access to your computer and do not allow yourself to be pressured into installing remote maintenance software.
- If the fraudsters do have your bank account information, inform your bank immediately.
Email with link to parcel delivery chatbot leads to subscription scam
This week, the NCSC received several reports of emails from a supposed parcel delivery service. The sender is given as "Post.ch" and the subject is "Tracking number: 371-34632900. Delivery error". The email itself states that the address is missing for a recent delivery.
The link leads to a chatbot which introduces itself as "Your virtual guide Suzy". The first thing to do is to confirm the tracking number. A photo of the alleged parcel is displayed with the request to enter the private or business address.
At the next stage, "Plan and pay for delivery", you would expect a credit card phishing attempt to appear in order to collect the processing fee of "less than CHF 2". But this is not the case; instead, you end up in an alluring subscription scam with the offer of an iPhone 12 for CHF 3.
However, the scammers have not quite thought this new modus operandi through to the end: if you answer "no" to the question of whether the tracking number is correct, you end up on Google's search engine.
- Do not click on any links in emails that you have not requested or in emails that you are not expecting.
- If you are unsure, contact the parcel delivery service directly and ask.
Current statistics
Last week's reports by category:
Last modification 30.11.2021
