Supposedly urgent payment request from the boss or CEO. Typically, the boss or CEO cannot be reached by telephone for further information.
This involves registering a domain name that closely resembles a legitimate one. The reasons for doing this vary – sometimes it's to trick users into thinking they're on the real website, while other times it's simply to redirect people who mistype an address to advertising pages. Always check the address bar in your browser carefully. If you find yourself on the wrong site, close the page immediately.
Report it to the NCSC if it is a phishing site or spreading malware.
Contact the registry of the affected domain to make them aware of the problem. Every registry has an abuse address for this purpose (e.g. abuse@).
If your company's domain name has been copied and you want to regain control of it, the Arbitration and Mediation Center of the World Intellectual Property Organization (WIPO) offers a domain name dispute resolution procedure – this can help you avoid going to court. You can find more information on the WIPO website: https://www.wipo.int/amc/en/domains/index.html
Seek legal advice.
- Do not transfer money or buy gift cards without checking first.
- In the case of unusual requests, verify the accuracy of the order by calling or speaking to the customer in person - not by replying to the email in which the unusual request was made.
- If you have made a payment, contact the bank you used immediately. They may be able to stop the payment.
- If you have suffered a financial loss, we recommend that you report it to the police. You can find your nearest police station on the Suisse ePolice website.
- Raise awareness of CEO fraud among the managers in your organisation.
- In particular, new employees should be informed about the possibility of such attacks. Scammers often specifically target new hires.
- Only publish email addresses on your website if absolutely necessary.
- Do not make any internal information public.
- Be careful when handling unusual payment requests.
- All processes relating to payment transactions should be clearly regulated within the company.
- Your report via the online form helps the NCSC identify trends. This makes it possible for the NCSC to raise public awareness in a targeted way.
- If an IBAN has been misused for fraudulent purposes, the NCSC can report this to the law enforcement authorities.
Last modification 13.12.2020