Week 16: Fraudsters use information from public registers for bogus invoices

26.04.2022 - Last week, the number of reports received by the NCSC was lower than it has been for a long time. This was probably due in large part to many people who make reports being away over the Easter holidays. Among other things, bogus invoices sent to SMEs stood out. In order to make their scams more authentic, the fraudsters also systematically search publicly accessible registers for information.

SMEs receive dozens of invoices every day. As some reports last week showed, fraudsters speculate that smaller, three-digit amounts remain under the radar in some companies and are not systematically checked. Fraudsters speculate on this negligence and try to obtain money using endless new tricks. Here are some specific examples of this practice:

Bogus invoices after registering a trademark

After a company has notified the Swiss Federal Institute of Intellectual Property (IPI) of a new or amended trademark or patent, and this notification has been examined by the IPI, it is published in the swissreg.ch register, which is publicly accessible. Obviously, this process involves certain fees.

Dubious providers and fraudsters now automatically scour this register for new entries and then send the companies invoices for payment of the registration using all the correct information from the register. The deadline for payment is always kept extremely short, just a few days are given. The fact that this is done systematically can be seen, on the one hand, in the reports received by the NCSC and, on the other hand, in the long list of dubious providers which the IPI itself published.

On the left is an invoice from the dubious provider, on the right is the database entry from swissreg, where all the data used was copied from
On the left is an invoice from the dubious provider, on the right is the database entry from swissreg, where all the data used was copied from

In the small and extra-small print of these supposed invoices, there is often a note stating that the document is merely an offer, and that is only accepted upon payment.

Small and extra-small print stating that the invoices are merely offers
Small and extra-small print stating that the invoices are merely offers

Fake invoice for fake software

A similar trick was used when sending invoices for non-existent software. The software on the invoice, that was supposedly to be paid, existed solely as an advertisement on the website of an office supplies dealer that was probably equally untrustworthy.

Non-existent software on the website of a supposed office supplies dealer
Non-existent software on the website of a supposed office supplies dealer


In many cases, all these invoices are also sent by post. Payment is often to be made via accounts with Spanish IBANs. The amounts are inconspicuous and not excessively high, so they can be paid directly without any further checks being conducted. Cancelling is likely to be extremely difficult and costly, and the chance of getting the money refunded is also extremely small.

  • Check all invoices to ensure they are plausible. In particular, this includes IBANs and company locations in countries that have nothing to do with the purported invoice.
  • In addition, check whether the goods/services listed on the invoice were actually ordered.
  • Always read the small print on invoices.
  • Be aware of what information about your business is publicly available. Many fraudsters use this information to make targeted fraud attempts.
  • Define ordering/payment processes to detect such fraud attempts.
  • Provide regular training for your employees.
  • Contact your financial institution as soon as you notice a case of fraud; they may be able to stop the payment.
  • Further information can be found at: 
    Do you have your payment processes under control?

Last modification 26.04.2022

Top of page

https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/2022/wochenrueckblick_16.html