07.11.2023 - The NCSC has recently been receiving regular reports of telephone calls from supposed bank employees claiming to work in the security division. The callers maintain that they want to stop a fraudulent payment. The telephone number displayed corresponds to the bank's official number. This is faked/spoofed by the fraudsters to appear credible.
Have you recently bought a flat screen?
In recent weeks, the NCSC has been receiving a growing number of reports of calls from supposed bank employees enquiring whether the person contacted actually made a payment. In many cases, it is claimed, for example, that an amount was debited for a flat screen purchased from an electronics retailer. The "employees" recommend calling the cantonal police fraud division immediately. The relevant telephone number needed to call the police is also provided. In other variants, the victim additionally receives a text message with a four-digit code.
What seems plausible at first glance is actually not even possible. Although the bank can see the amounts debited in its system, it does not know anything about the products or services purchased by the client. This means that a bank generally has no way of knowing what a client bought or, as in this case, that a flat screen was purchased.
According to the reports, the callers usually pretended to be employees of major banks. With big banks, it is more likely that the person being called actually has an account with the bank the fraudster claims to be from. One case made it particularly clear that the perpetrators do not proceed in a targeted manner. In this case, the person contacted stated that he was not a client of the bank mentioned. In the course of the conversation, however, he revealed which bank he was actually a client of. A short time later, the victim received another call, but this time the "correct" bank was used. The fraudsters had thus relayed the information in the background and tried their luck again with the new details.
Fraud in two stages
Meanwhile, there are also cases in which clients of smaller banks are being targeted. It cannot be ruled out that the attackers are now using lists. The NCSC does not know where the fraudsters obtained such lists.
In another case, the victim initially received a call from a bank employee, who informed him that a payment had been initiated from his business account to a blocked account at another bank. The alleged bank employee said that he would contact the victim again in two days to discuss the next steps. This first call not only serves to gain the victim's trust, but can also be used to request specific information from the victim and to try to find out where the victim banks.
As announced, the victim received another call from the "bank" two days later, and this time the bank's official telephone number was also shown on the mobile phone display. This was accompanied by a text message, again with the correct sender details of the bank. The text message stated that a payment of CHF 30,000 had been temporarily "suspended". It also contained a code. The victim was then instructed to install the remote maintenance software AnyDesk on his smartphone.
Afterwards, the victim was tricked into performing various tasks and checking his online banking, and was asked to confirm various details in order to cancel the payment. The NCSC assumes that the victim was lured to a website prepared by the fraudsters where they could cancel fictitious, allegedly fraudulent payments. Access credentials and one-time passwords were requested for this purpose. The fraudsters then used this data in the background to log into the victim's e-banking and initiate the corresponding payments, while in the foreground the victim was led to believe that the payment had been successfully cancelled.
- End such phone calls immediately.
- Do not give anyone remote access to your devices.
- If you granted remote access, there is a possibility that your computer or mobile phone has been infected.
- Immediately uninstall the remote access program.
- If you suspect an infection, have your computer examined immediately by a specialist and cleaned if necessary. The safest option is to completely reinstall the computer. However, do not forget to back up all personal data beforehand.
- If you have suffered a financial loss, report the matter to your bank and file a criminal complaint.
- Never call phone numbers that you receive by email or text message.
- If you are unsure who a telephone number belongs to, find out who the owner is before you call.
Current statistics
Last week's reports by category:
Last modification 07.11.2023