The weeks in review

Week 32: Email bombing disguises hacker attack

16.08.2022 - The number of reports received by the NCSC rose slightly. In a hacker attack against an online shop user's account details, an attempt was made to disguise the attack by email bombing. The new type of phishing attack using QR code bills described in the last weekly review is already being used by phishers on a large scale and in different forms.

Week 31: New phishing scheme with QR code bill

09.08.2022 - The number of reports received by the NCSC remained unchanged last week. Two new phishing schemes stood out. In the first phishing variant, a link allegedly leads to a personalised online sharing service, where people have to enter the password for their webmail. In the second new variant, a fake QR code bill in the name of Sunrise is sent via email.

Week 30: Smartphone bank targeted by phishers

02.08.2022 - The number of reports submitted to the NCSC rose slightly once again. Users of the smartphone bank WISE were targeted by phishing attempts. There were also more reports of the quality, quantity or type of goods ordered online not being delivered as expected. The NCSC gives tips on how to identify such webshops.

Week 29: Hacker attacks with stolen login credentials

26.07.2022 - With the summer holidays in full swing, the number of reports received by the NCSC was again low last week. The NCSC received an increased number of reports of attempts to hack into systems using stolen login data; this form of attack is known as "credential stuffing". This can lead to interruptions because legitimate users are also locked out if too many attempts fail.

Week 28: How cybercriminals cleverly exploit holiday absences

19.07.2022 - In week 28, the number of reports received by the NCSC remained low. Several reports on so-called CEO fraud cases stood out. The attackers have adapted their approach so that only a small number of fake email addresses are used in order to attract less attention. It is likely that the timing of the current wave was chosen because of the upcoming summer holidays. Many tasks are carried out by deputies due to holiday absences and attackers know how to exploit this.

Week 27: Fake email senders and hacked email accounts

12.07.2022 - Beim NCSC war letzte Woche der Meldeeingang nochmals tiefer. Aktuell erwecken Fake-Sextortion-E-Mails den Anschein, vom eignen E-Mail-Account abgesendet worden zu sein. Zugleich verwenden die Betrüger Login-Daten aus einem Datenabfluss und hacken E-Mail- und Social-Media-Konten, um ihrer Forderung Nachdruck zu verleihen. Auch erhielt das NCSC letzten Dienstag die Meldung, dass die Domäne ncscs.ch für eine betrügerische E-Mail missbraucht wurde.

Week 26: New phishing variants via telephone and personalised text messages

05.07.2022 - At the NCSC, the number of reports received last week was significantly lower, which is mainly due to the decrease in fake extortion emails. Noticeable were phishing attempts in which no link was sent, but in which a callback was requested, as well as phishing text messages containing a personalised link that can be deactivated after use. The two different approaches show that attackers are willing to invest more time and effort in their phishing campaigns.

Week 25: Increase in reports of incidents involving encryption Trojans (ransomware)

28.06.2022 - The NCSC again received a large number of reports last week. Eight reports on encryption Trojans, also known as ransomware, remind us how important it is to take precautions to protect ourselves from such attacks.

Week 24: Personal devices when working from home pose high risks

21.06.2022 - The number of reports received by the NCSC remained at the same high level last week. An incident involving a data leak and ensuing blackmail shows that using private devices to access company networks entails considerable risks.

Week 23: Supposed SBB competition and the importance of quickly applying patches

14.06.2022 - The number of reports received by the NCSC was high again last week. A supposed SBB competition spread very quickly thanks to the snowball system. And one report provided a perfect example of how important it is to apply patches swiftly.

Week 22: Fake telephone numbers and fake invoices

08.06.2022 - DThe number of reports received by the NCSC was high last week. Aside from the threatening emails supposedly from the police, the NCSC mainly received reports concerning fake telephone numbers. In addition, the NCSC received a tip-off about an invoice manipulation scam that targeted a company's customers.

Week 21: Cases of investment fraud with large losses

31.05.2022 - The number of reports received by the NCSC remained high last week. This was once again due to threatening emails allegedly from the police. Italian versions of these were also reported at the weekend. In addition, the NCSC received reports concerning various cases of investment fraud, some of which involved substantial losses. In most cases, a little research would have quickly revealed the fraud.

Week 20: Warning from Microsoft turns out to be a phishing attempt

24.05.2022 - The number of reports received by the NCSC was high last week. The main reason was apparent threat emails from the police. A user of Microsoft Outlook was also «warned», in an email purporting to come from Microsoft, about unusual sign-in activity from Moscow. Closer investigation by the NCSC revealed this to be a phishing attempt. Thanks to the use of a Sender Policy Framework, this message was identified as a phishing email and automatically moved to the spam folder.

Week 19: Social media hacking with the help of celebrities and new fake support variants

17.05.2022 - The NCSC again received about the same number of reports last week as the week before. Once more, text messages that attempted to trick victims into installing FluBot malware on their smartphones were observed. Attackers also used a devious method to try to hack into social media accounts. In addition, various variants for recovering allegedly stolen or blocked funds were observed.

Week 18: Increase in emails claiming computer is infected

10.05.2022 - The NCSC again received about the same number of reports last week as the week before. There was an increase in reports of emails claiming that computers were infected. Interestingly, after a few clicks, the users actually arrive on the websites of well-known antivirus manufacturers. Resourceful operators are behind all this, exploiting the commission offers of well-known providers of antivirus software.

Last modification 19.08.2021

Top of page

https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/wochenrueckblicke.html