Week 42: Fake German financial market supervisory authority promises to retrieve funds lost to fraud

25.10.2022 - The number of reports received by the NCSC remained unchanged compared to the previous week. Last week saw an increase in reports of phishing and fraud related to financial services offered by Revolut. Fraudsters also posed as the German financial market supervisory authority and contacted victims of investment fraud, claiming to be able to retrieve their lost assets – for a fee, obviously.

Alleged investigative success of law enforcement agencies against investment fraudsters

On numerous occasions in the past, the NCSC has reported on cases where people claiming to be lawyers, notaries or even the prosecution authorities have contacted victims of investment fraud and promised to get their money back for them. Whereas the fraudsters often come across as rather amateurish and are therefore easy to spot, in one case reported to the NCSC last week they went to quite a lot of effort.

The fraud starts with an innocuous-looking email from the "German financial market supervisory authority". The victim is addressed by their full name and the email claims that the German prosecution authorities have successfully acted against investment fraudsters. The fraudsters have apparently been caught and various confiscated hard drives have been decrypted. The message asks the victim to support the prosecution in order to ensure a guilty verdict for the fraudsters. For this purpose, the victim is supposed to click on the link provided.

Email claiming to be from the German financial market supervisory authority and asking the victim to use an online form to contact it about a prosecution.
Email claiming to be from the German financial market supervisory authority and asking the victim to use an online form to contact it about a prosecution.

Website with online form of the alleged German financial market supervisory authority

The links leads to an elaborately designed website purporting to be that of the German financial market supervisory authority based in Berlin. The website requests the victim to provide details of their case. In addition to personal details such as email address or telephone number, the form also asks for detailed information on the fraud case, like the name of the fraudulent investment firm, the amount invested and the time of the payment, as well as a detailed description of the incident.

Fraudulent website with a form requesting details on the fraud
Fraudulent website with a form requesting details on the fraud

Once the details have been submitted, the fraudsters contact the victim. Using the information on the incident obtained via the form, they are now able to gain the victim's trust by pretending that they know all about the incident. The victim is given hope that the lost money has been traced and can be retrieved. However, the money will only be released after a corresponding fee is paid. In this way, the fraudsters exploit their victim's desperation. Any payment made by the victim is always followed up with additional demands for payment that need to be made in order to get at the lost money, and this continues until the victim realises that they have been fooled yet again.

Recently registered websites

A quick bit of research on the website reveals a few discrepancies. For example, the site was registered only recently, on 29 June 2022. This is a typical feature of a fraudulent website. Moreover, there is no financial market supervisory authority at the address given in the imprint. Not only is the name wrong – in Germany, the financial market supervisor is known as the BaFin (Bundesanstalt für Finanzdienstleistungsaufsicht, or Federal Financial Supervisory Authority) – the address is too. The BaFin has offices in Bonn and Frankfurt, not Berlin. A web search for the text passages used on the website quickly reveals the sites from which the attackers copied the text. The attackers have helped themselves to content on the webpages of the Austrian authorities and have used it to create a fictitious German authority. Copying texts from a variety of official websites to set up a fake site is a well-known phenomenon which the NCSC sees on a regular basis.

The test in the fraudulent website's imprint was copied from the website of the Austrian Federal Ministry of Finance.
The test in the fraudulent website's imprint was copied from the website of the Austrian Federal Ministry of Finance.

Preventive measures

  • Be careful if you are suddenly offered help by a third party after a case of fraud. In particular, do not make any further payments, including any purported fees, to recover the money you lost.

  • Never allow yourself to be put under pressure.

  • A film with practical tips on how to protect yourself against investment fraud is available at:
    https://www.finma.ch/en/documentation/finma-videos/schutz-vor-anlagebetrug/

  • Check whether the financial service provider has been authorised by the Swiss Financial Market Supervisory Authority (FINMA). The FINMA website provides information on authorised financial service providers in Switzerland:
    https://www.finma.ch/en/finma-public/authorised-institutions-individuals-and-products/

  • Particular caution is required if the financial service provider is not authorised. Check out the financial service provider using online reviews. However, bear in mind that reviews can be bogus too.

Last modification 25.10.2022

Top of page

https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/2022/wochenrueckblick_42.html