16.03.2021 - There was a moderate number of reports to the NCSC last week. Phishing emails, subscription scams and cases of fake support were frequently reported. Numerous reports were also received concerning the Exchange server vulnerability published by Microsoft on 2 March 2021. A phishing email that used the name of the NCSC and ultimately turned out to be an awareness campaign was particularly noteworthy.
Microsoft Exchange server vulnerability
Last week was dominated by the Microsoft Exchange server vulnerability. The NCSC received various reports from affected companies, but also proactively wrote to hundreds of Swiss companies to warn them about possible abuse of this vulnerability. The NCSC recommended immediately applying the patches provided by Microsoft, as well as checking the systems to see whether they had already been compromised. Soon after the security vulnerability became known, it was already exploited by criminals.
Awareness campaign that used the NCSC as the sender
An unusual case occurred last Thursday. The NCSC was notified of a phishing email that used the NCSC as the sender and asked the recipients to click on a link. However, a brief analysis revealed that the email was part of an awareness campaign. The NCSC's consent was not obtained for this, though.
Note:
Certain minimum standards have to be met when conducting awareness campaigns. These can be obtained from the NCSC (incidents[at]ncsc.admin.ch). Consent should always be obtained from the respective company or organisation if third-party company names/logos are used in awareness campaigns (in the email and/or on the phishing page).
Moreover, the names of blue light organisations and state bodies should never be used for such campaigns.
