Week 25: Spotting phishing is becoming increasingly difficult

27.06.2023 - The NCSC received 985 reports last week, the highest number in its history. This was due to a wave of fake threatening emails claiming to be from the police, as well as numerous reports concerning various phishing emails. Two phishing attempts reported to the NCSC last week indicate that phishers are putting more and more effort into creating accurate phishing pages. Only minor errors reveal the malicious nature of the phishing emails and of the websites they link to.

Phishing is one of the phenomena most frequently reported to the NCSC, so the evolution of this type of attack can be observed quite clearly. Two recently reported phishing attempts are particularly noteworthy.

One phishing attempt is via a text message supposedly from Swiss Post. The text explains that a parcel cannot be delivered "because you have not completed some steps". The text is followed by a phishing link.

The page displayed after clicking on the phishing link seems very authentic. However, it quickly becomes clear that it is not possible to search for the parcel on the main page (as is the case with the official website); an error message appears instead.

Phishing page without phishing link with tracking subpage; the only unusual thing is the "404 Not Found" message (outlined in red)

The page itself contains no phishing link. Most likely, the link would be on the main page, which could not be loaded (hence the error message); otherwise the phishers would have to send another phishing link.

Phishing attempts to acquire bank login credentials are also becoming increasingly perfidious. A phishing email targeting Credit Suisse credentials is used as an example here.

Phishing email targeting Credit Suisse login credentials

Only the footer of the email contains a format error, which presumably occurred during transmission from another language region.

Format error in the footer of the phishing email; the "Global Patriot Act Certificate" referred to seems to have slipped in

It is becoming increasingly difficult to detect phishing emails and phishing sites straight away. Never enter personal data such as passwords or credit card details on a website that you accessed by clicking on a link in an email or text message.

  • Never divulge personal data such as passwords or credit card details on a website that you accessed by clicking on a link in an email or text message.
  • Set up two-factor authentication whenever possible. This offers an additional layer of protection to prevent your account from being hacked.
  • No bank or credit card company will ever send you an email requesting that you change your password or verify your credit card details.
  • Bear in mind that email sender IDs can easily be spoofed.
  • Be sceptical if you receive emails that require action on your part and that carry a threat of consequences (loss of money, criminal charges or criminal proceedings, blocking of an account or card, missed chance, misfortune) if you do not do what is required.

Last modification 27.06.2023

https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/2023/wochenrueckblick_25.html