30.08.2022 - The number of reports received by the NCSC fell slightly again last week. However, the number of reports received so far this year already exceeds the total number of reports received last year. A case reported to the NCSC in recent weeks is a good example of how important it is to carefully check invoices for company registers, listings and business directories, and also to read the small print.
Total number of reports for 2021 already exceeded
With over 22,000 reports, the NCSC has already received more reports in 2022 than in the whole of 2021. The NCSC would therefore like to take this opportunity to thank all those who have submitted reports. When people submit a report, they make an important contribution to making cyberspace safer, as preventive measures can be taken and the national cybersituation can be better assessed.
Invoices from supposed company registers and business directories
Companies rely on being found quickly by potential customers. That is why there are various registers in which companies can be listed, usually for a fee, and that data is then published in business directories. It is crucial for companies that the published business directories are known at least regionally and have a corresponding reach. Unfortunately, there are numerous offers that do not deliver what they promise. Hence, the NCSC regularly receives reports on offers that promise registration and publication in business directories that either do not exist at all or are only marginally known. If such invoices are not carefully cross-checked, companies run the risk of paying money for a service that does not even exist.
A case reported to the NCSC in recent weeks is a good example. Various companies received an invoice from a certain "Registerverlag für Wirtschaft Schweiz", which appeared to concern payment for an entry in connection with the Swiss commercial register.
All publicly available commercial register data had already been entered in the form enclosed with the invoice. In the letter itself, reference was made to the domain "Zeffix" (with two f's) and a corresponding email address was even set up under this domain name for any queries.
Needless to say, this domain was chosen to suggest that the invoice is linked to the official "Zefix" portal of the Federal Commercial Registry Office (FCRO). However, Zefix is spelled with only one "f"! The website of the Central Business Names Index, Zefix, enables users to search for all companies entered in the cantonal commercial registers.
A closer look at the text of the letter reveals on the first page that this is just an offer and that registration is optional.
It seems obvious that the senders are counting on the recipient overlooking these lines and assuming that it is an official invoice.
- Check all invoices carefully. In the case of unusual orders within the company, check by telephone that the order is genuine.
Current statistics
Last week's reports by category:
Last modification 30.08.2022
