17.10.2023 - Autumn is also trade fair season. In order to optimise trade fair planning for visitors, many organisers provide information about exhibitors and their products online. Such information is helpful for visitors, but it can also be misused by fraudsters, as illustrated by an example reported to the NCSC.
The NCSC regularly receives reports from Swiss businesses that have been contacted by purported foreign companies in connection with their presence at a trade fair. The sender claims to have visited the company's stand and to have obtained the contact details there. This also happened in a recent case reported to the NCSC: the attacker posed as a company based in Scotland, referred to a supposed trade fair visit in April 2023 and stated that he wanted to discuss something.
The email mentions an important matter that must be handled with the utmost discretion and asks the recipient to provide a personal (non-company) email address so that it can be discussed there. However, the trade fair visit never actually took place. The recipient was sceptical and did not engage with the sender. Had he gone along with the proposal, it would most likely have ended in a request for an advance payment under the pretext of a lucrative deal.
As with CEO fraud, the attackers in this case use data from public sources. While CEO fraud primarily uses data that can be found on company websites, especially pages that list the functions and contact details of employees, this type of fraud uses trade fair exhibitor lists.
To help visitors find their way around a trade fair, the list of exhibitors can often be consulted online, usually together with a brief description of each company and its contact details. While this is practical for visitors, it is a goldmine for fraudsters preparing targeted approaches: the attacker knows which company exhibited, at which fair, in which hall and when, and can name these details without ever having been there.
By mentioning the trade fair, the attackers try to create an atmosphere of trust and suggest that a personal meeting at the stand has already taken place. Such a prior personal contact is perceived as more trustworthy than an anonymous email request. In most cases, these approaches lead to some sort of deal in which money has to be transferred to the attacker.
Recommendation:
- Raise awareness among your employees. Employees in finance divisions and in key positions in particular must be informed about these methods of attack.
- Ignore unusual payment requests.
- All processes concerning payment transactions should be clearly defined internally and complied with by employees in all cases (e.g. dual control principle, joint signature by two people).
- In the case of unusual requests, verify them through a channel you already know to be genuine: phone the head of the company/authority/association, using a number you already have rather than one given in the email, to confirm that the order is correct. If the sender refers to a trade fair visit, ask the colleagues who staffed the stand whether such a meeting actually took place.
- If you made a payment, immediately contact the bank through which you made the payment. They may still be able to stop it. We additionally recommend that you contact the cantonal police responsible for your place of business and file a criminal complaint.
Last modification 17.10.2023