06.04.2021 - Last week, the number of reports received by the NCSC was low. Most of the reports that came in concerned fake sextortion and phishing attacks against financial institutions or providers. One type of phishing attempt stood out in particular: the attackers went to great lengths to gain their victims' trust, and then struck in the final stage to obtain login and credit card data. It also emerged at the weekend that the data of over 500 million users that was stolen from Facebook in 2019 had been published online. Swiss Facebook users are also affected.
Supposed invoice turns out to be credit card phishing
"An invoice amount of EUR 251.21 has been debited. To cancel the payment, click on this link" was the text message sent last week to numerous Swiss citizens. Surprisingly though, after the link was clicked, there was no request for either login credentials or credit card details. Instead, a user name and supposed password were prefilled as suggestions in the corresponding fields. By clicking the login button, victims were apparently routed to the account, in which an invoice for EUR 251 was listed.
Clicking on the supposed invoice opened another webpage showing full payment details. This page also contained an option to cancel the invoice. This is precisely the moment the attackers were waiting for, as only then was the actual phishing attempt launched. After the corresponding button was clicked, the cancellation process was started. However, this also involved the victims entering their credit card details.
A cancellation procedure does not usually require credit card details. However, having used the preceding steps to build trust, the attackers speculate that the victims will no longer question the plausibility and will enter the desired data without thinking. This tactic is often used to trick victims into doing things they would never normally do.
The NCSC has reported the phishing site to the provider in order to have it taken down as quickly as possible.
Data of 500 million Facebook users published online
It emerged at the weekend that the roughly 500 million user details stolen from Facebook in 2019 had been published online. Swiss Facebook users are also affected. The published user data contained details such as surname, first name, telephone number, date of birth, home address, etc.
The stolen data is likely to be used first and foremost for social engineering. The NCSC has published information on this here:
Facebook users can check whether they have been affected by this or other data leaks by consulting the portal Haveibeenpwned.com. If your email address has been affected, you should change your email password immediately.
Further information on this topic is published here:
Last modification 06.04.2021