27.12.2022 - The number of reports received by the NCSC declined last week. In the days after Christmas, unwanted gifts are often offered for sale on classified ad platforms. However, even when selling an item, people need to be wary of scammers and phishers, as shown by a case reported to the NCSC.
Classified ad phishing with fake instructions from Swiss Post
Classified ads offer scammers a multitude of attack options. The classical variants include selling non-existent goods or not paying for purchased goods that have already been sent.
The NCSC is increasingly seeing another variant that targets sellers. Here, the fraudsters feign interest in a product and urge the victim to use a parcel delivery service chosen by the alleged buyer for delivery and transfer of the money. If the victim agrees, fictitious fees are imposed by the supposed parcel delivery service, and the victim is required to pay them by credit card. The attackers mainly target credit card details in these cases.
Unlike the general phishing emails that are sent in large numbers in the hope that the generic text will occasionally work and catch out the victims, the phishers in the current cases go to great lengths, communicating directly with each individual victim and adapting their scenario to the situation at hand.
In a new variant reported to the NCSC, the phishing attempt started with the "buyer" suggesting to use Swiss Post's parcel delivery service instead of the agreed advance payment. The attackers made quite an effort to convince the victims and inform them about how the service works. For example, the phishers first sent a screenshot of a supposed Swiss Post website describing the detailed procedure for the alleged money and parcel transfer.
The phishers copied Swiss Post's information page on express and courier services, replicated its appearance and completely changed the rest of the text, except for the delivery details. The seller is prompted to click on a "link code" during the delivery process in order to receive the money. So in this case, fictitious fees are not demanded like in most cases, but the seller is tricked into clicking on the malicious link with the indication to confirm receipt of the money. The link then leads to a phishing page, where victims have to enter their credit card details to complete the transaction.
With the message and the link code to confirm the alleged receipt of payment, as well as the deceptively authentic-looking Swiss Post website, the phishers aim to gain victims' trust so that they will not suspect anything later on and will instead click on the indicated link without thinking and enter their credit card details.
- Be careful with demands from buyers. Insist on shipping and transaction fees being paid by the buyer. Also write this explicitly in the advertisement.
- Never enter a password or credit card number on a page you reached via a link in a message. It is most likely a phishing attempt.
- Install two-factor authentication whenever possible. This offers an additional layer of protection to prevent your account from being hacked.
Current statistics
Last week's reports by category:
Last modification 27.12.2022