19.11.2024 - Phishing using text messages has increased significantly in recent weeks. A wave of text messages demanding payment of bogus parking fines is now being followed by messages about fake parcel deliveries. Interestingly, these text messages no longer come in the standard form of an SMS, but via RCS, a protocol mainly used on Android devices, or via iMessage, Apple's text messaging service. This allows fraudsters to bypass mobile phone providers’ SMS filters.
14.11.2024 - Physical letters with MeteoSwiss as the sender are currently being sent out. The letters ask the recipients to download a new ‘Severe Weather Warning App’ via a QR code. However, malware is downloaded to the smartphone instead. This looks similar to the Alertswiss app from the Federal Office for Civil Protection on the smartphone's home screen.
12.11.2024 - Today, President Viola Amherd and Federal Councillor Guy Parmelin received Sweden’s Minister for Civil Defence Carl-Oskar Bohlin for an exchange on current security policy issues. Cybersecurity was also addressed. During the exchange with the director of NCSC, Florian Schütz, it was shown how the public administration, the private sector and researchers are working together to strengthen Switzerland's resilience to cyberthreats.
12.11.2024 - Over the past week, the NCSC has received an increasing number of reports about websites that are compromised in order to make visitors believe that the browser needs to be updated or a CAPTCHA needs to be solved. The aim is to infect website visitors' devices with malware.
08.11.2024 - At the meeting of the Digital Switzerland Advisory Board on 8 November, the National Cyberstrategy (NCS) was the focus of discussions. Under the leadership of the President of the Swiss Confederation Viola Amherd and with the participation of Federal Chancellor Viktor Rossi, representatives of the cantons, business, science and civil society took stock of cybersecurity measures and highlighted the challenges and opportunities of the current strategy.
07.11.2024 - Cyberthreats are increasing significantly: so far this year, the National Cyber Security Centre (NCSC) has received, on average, a cyberincident report every 8.5 minutes. With 34,789 cyberincidents reported to the NCSC in the first half of 2024, numbers have almost doubled compared to the same period last year. The increase is due in particular to a massive rise in fraud attempts, which at 23,104 cases account for two thirds of all reports. Most of these cases involve telephone fraud, as explained in a separate report.
05.11.2024 - A case was reported to us last week that shows how criminals associated with the Black Basta group infect businesses with ransomware. Victims are bombarded with spam emails and then contacted by fake support staff via Microsoft Teams and by phone. Ostensibly, the support staff are there to repair the damage – but in reality, they are scammers trying to gain access to their victims' devices in order to install malware.
04.11.2024 - The NCSC is currently receiving reports of phishing e-mails in the name of the OASI compensation office. The message advises recipients that an alleged refund is pending and that they should provide their personal data and credit card information for this. In reality, the cybercriminals are trying to make purchases with the phished credit card data in their favour.
29.10.2024 - Over the past few years, we have seen a significant change in the tactics used in credit card phishing scams. With two-factor authentication becoming increasingly common, it is no longer enough for scammers to simply trick their victims into sharing their credit card details. Now they have to trick their victims into going through the entire payment process and authorising the payment at the end. That's why they’re always looking for ways to deceive their victims and make them do things they shouldn’t. A particularly brazen example was reported to the NCSC last week.
24.10.2024 - Criminals have been scamming the elderly with distressing phone calls for some time. But now they are also using AI to carry out these attacks: they use voice cloning software that takes one or more voice samples of a person known to the victim and creates a fake voice that sounds similar. This allows scammers to pose as trustworthy people and deceive their unsuspecting victims. These scams are becoming increasingly difficult to detect.
