Week 6: Phone calls about apparent package deliveries, and misuse of hacked Facebook accounts

15.02.2022 - The NCSC received a large number of reports last week. Once again, SMEs are receiving phone calls about apparent package deliveries and are being pressured into opening emails containing malware. Hacked Facebook accounts are also being misused for investment fraud. And the fake extortion emails, apparently sent on behalf of the prosecution authorities, are now cropping up in German too.

SMEs once again received phone calls announcing a package delivery but delivering malware

A practice that has been observed for many years now appears to be making a comeback (see Week 32 in review, 2021): companies are contacted by an apparent delivery firm (TD-Express, Swiss-Express, etc.) to confirm the delivery of a package. At the same time, the people taking the call receive an email which refers to the phone call. The callers try to pressure them into opening the email and clicking on the attached file. This file seems to be a PDF but is in fact an .exe file (which is executable in the Windows operating system) or a link to such a file – a so-called downloader. This downloads the malware from the internet and launches it. In most cases, it is an e-banking Trojan that tries to steal access credentials.

Logo of the package alert from an earlier message.
Logo of the package alert from an earlier message.

The callers speak German and French and the displayed phone number has a Swiss prefix but is fake. Displaying a fake phone number is known as phone spoofing and is a common fraud tactic.

The lengths gone to by the fraudsters show that they obviously expect to reap a substantial reward from this activity.

  • Be wary of all unsolicited emails.
  • Do not allow yourself to be put under pressure by the caller, especially if they want you to click on a link or open a file in an email.
  • If you already clicked on the file or the link, stop using your computer – any data you enter could be diverted to the fraudsters.
  • If you use your computer for payment purposes, inform your financial institution.
  • Perform a full reset of your computer.

Report it:

  • Report such cyberincidents to us and, if possible, forward us the email concerned.
    Report an incident

Hacked Facebook friends get hold of iTunes cards

The fact that electronic identities can easily be faked or stolen is something that we observe week after week. Last week saw a special case: someone received a tempting financial offer from a close friend via Facebook. There were big profits to be made from just a small investment. However, the offer had to be taken up quickly, because it was only available for a short time.

In order to make the invested amount available as quickly and easily as possible, the person was told to buy iTunes cards and hand over the numbers and codes via Facebook Messenger. By promising that the payout would happen imminently, it was possible to persuade the victim to repeat the process several times.

Unfortunately, it turned out that the Facebook account and the close friend had been hacked, and the invested money was lost.

Such digital gift cards are a very popular with fraudsters as a way of obtaining money. This is because the normally simple-to-follow money trail can be easily erased.

  • Always be sceptical about digital identities – even if you know the people in real life.
  • Never make payments on the basis of digital identities without first having got in touch with the apparent contact by other means, for example by phone, text message or another messaging service.
  • Never allow yourself to be put under pressure.
  • Be suspicious if someone asks you to buy gift cards and hand over the codes.
  • Protect your digital identities, for example with a second factor such as confirmation by text message.

Last modification 15.02.2022

Top of page

https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/2022/wochenrueckblick_6.html