The weeks in review

Week 48: motorway tax e-sticker with a service fee

05.12.2023 - Over the past few days, the NCSC has received reports about websites selling motorway tax stickers for more than CHF 40. What at first sight appears to be a fake website is actually using a technique that is already familiar to the NCSC from other contexts. Companies focus mainly on electronic services that can be directly obtained from the relevant government sites. These are then sold on for a fee.

Week 47: Cybercriminals target hotels

28.11.2023 - Cybercriminals are trying new ways to trick hotels and their guests. In the emails currently being sent to hotels, they claim to have been bitten by bedbugs or that they were filmed in the hotel room and are now being blackmailed, among other things. The aim is to trick hotel employees into installing malware.

Week 46: Phishing involving a purported tax refund and crypto wallet phishing

21.11.2023 - A number of phishing cases were also reported to the NCSC last week. Fraudsters continue to target customers of parcel, telephony and transport service providers very frequently. This weekly review presents two less common phishing scams.

Week 45: Don't trust every message you get from a contact

14.11.2023 - The NCSC is once again observing a rise in reports on the following phenomenon: one of your contacts gets in touch via WhatsApp and asks you for help with an urgent problem. All you have to do is forward a code. At first glance, everything seems fine, but unfortunately the forwarding causes your WhatsApp account to be blocked. How does that happen, and what can you do to prevent it?

Week 44: "Hello, this is your bank's security division"

07.11.2023 - The NCSC has recently been receiving regular reports of telephone calls from supposed bank employees claiming to work in the security division. The callers maintain that they want to stop a fraudulent payment. The telephone number displayed corresponds to the bank's official number. This is faked/spoofed by the fraudsters to appear credible.

Week 43: Company-like structures among fake support scammers

31.10.2023 - Threatening calls claiming to be from the authorities have been one of the phenomena most frequently reported to the NCSC since July 2023, and the surge in reports received by the NCSC is attributable primarily to them. As the calls are made during office hours, it can be assumed that the fraudsters are organised like a company.

Week 42: Dynamite phishing – DarkGate follows Emotet and Qakbot

24.10.2023 - After a short respite, the NCSC has again received several reports of malicious emails in the last two weeks that use old emails to trick the recipients into believing that they had already been in contact with each other. Since both the email sender and the old message seem familiar to the victim, the likelihood increases that the victim will click on the link and malware, in this case DarkGate, will be installed on the device. DarkGate is a downloader with advanced functions and also a door opener for ransomware.

Week 41: How trade fair information can be misused by fraudsters

17.10.2023 - Autumn is also trade fair season. In order to optimise trade fair planning for visitors, many organisers provide information about exhibitors and their products online. Such information is helpful for visitors, but it can also be misused by fraudsters, as illustrated by an example reported to the NCSC.

Week 40: Social engineering in the gaming community

10.10.2023 - Last week, a special case of social engineering was reported to the NCSC: in the video game community, a gamer was tricked into downloading a game that eventually turned out to be malware.

Week 39: The various types of fake sextortion

03.10.2023 - The big waves of fake sextortion have been easing off for a few months now, which seems to indicate that the phenomenon is no longer so lucrative for the scammers. The approach has been repeatedly adapted in the past in order to nevertheless find victims willing to pay among those who received the emails. With the latest version, it is no longer possible to rule out the possibility that malware has actually infected the computer. The attackers present a recent screenshot of the victim's computer as proof.

Week 38: When the customer is not king, but actually a hacker

26.09.2023 - A key element for every company is customer relations. The customer is king, so they say. As a result, companies are keen to fulfil their customers' every wish. This approach is regularly exploited by hackers. A particularly sophisticated case was reported to the NCSC last week. Every company should therefore consider what company data it publishes on its website, as this can be used for fraud, but also for phishing.

Week 37: Many roads lead to fake support

19.09.2023 - In recent months, cybercriminals have come up with a variety of fake support scams that are aimed at installing a remote access tool on the victim's computer and then making credit card payments or e-banking transactions.

Week 36: New variants of fake threatening emails from authorities in circulation

12.09.2023 - For the past two years, threatening emails purporting to come from the police or other authorities have been among the most reported cases at the NCSC. After using similar content for a long time, the attackers are now using a new variant to try and unsettle the recipients with allegations of tax evasion.

Week 35: Fake job offers 2.0

05.09.2023 - Fake job offers have already been reported on in previous NCSC weekly reviews. New variants have emerged in recent weeks. In contrast to previous approaches, payments do not have to be made before starting work, but only once the victim has started work.

Week 34: When attackers try to determine the behaviour of email recipients

29.08.2023 - Fraudsters use various methods to optimise their spam lists. Last week, the NCSC discovered scam emails that exploit the read receipt function. In these cases, if the recipients confirm that they have opened and read the email, they receive further scam emails that increase the pressure and urge them to pay.

Last modification 19.08.2021

Top of page