Week 26: Scammers use the Federal Administration's name for a broad range of attacks

02.07.2024 - Phishers pretending to be from the Federal Tax Administration, menacing emails claiming to be from the Federal Office of Justice and Police and the NCSC, and a barrage of emails last week containing malware hiding behind a fake 'AGOV' government login: scammers and attackers use the names of authorities to put pressure on or gain the trust of the public.

"'AGOV' access mandatory for all public services from July 2024". This was the subject of a mass mailing to members of the public last week. The aim was to persuade recipients to install software that was supposedly needed for seamless access to public administration sites, for example for electronic tax filing. However, the link in question did not contain official software – it was malware. If the victim downloads the file and runs it, the computer is infected with malware called 'Poseidon Stealer'. Once this malware is installed on a device, it steals data from the victim's computer and sends it to the cybercriminals.

Screenshot of the AGOV malware

This email is one of a series of fraudulent emails being sent in the name of the Federal Administration. The criminals take advantage of the trust people have in their government. As a country with strong civic participation and direct democracy, trust in Swiss institutions is high, and scammers assume that such emails are more likely to be taken at face value.

Tax refund emails: a constant

Emails claiming to be from the Federal Tax Administration stating that the recipient is entitled to a tax refund are also perennial favourites in this category. They claim an identity check is required to complete the refund process – and this usually involves entering login information or credit card details. This is a classic example of a phishing scam. The quality of these kinds of emails and websites has improved recently. An email last week, for example, had a link to a refund portal that was almost indistinguishable from the official website. The only indication that it was a scam was the strange internet address and the fact that the site was only available in German.

Fake tax refund website. The purpose of the scam is to steal the victims' credit card details.

Threatening emails with all sorts of government logos, not all of which are coherent

For some time now, threatening emails have been circulating which misuse the names of authorities in Switzerland and abroad. These fake extortion emails claim that the recipient has committed a serious crime. The only way to get the charges dropped is to pay money. Once again, the scammers seem to be using as many logos and names of organisations and authorities as possible. 'Quantity over quality' appears to be the motto. In the cases we are dealing with now, fraudsters are using logos and stamps from no fewer than six authorities. There is also a haphazard mix of domestic and international agencies. In these cases, the scammers do not seem to be concerned with authenticity, but rather with intimidating the victim with a list of official bodies.

Fake threatening email containing six logos: the UK's National Cyber Security Centre, the Swiss Confederation, Cybercrimepolice.ch, Interpol, the National Cyber Security Centre (NCSC) and a stamp of the FDJP (bottom right).

Emails from (alleged) government agencies also require caution

Emails from (alleged) government agencies also require caution. The same precautions apply as with any email:

  • Be especially careful if an email asks you to take any action, such as entering your password or credit card details, or installing software.
  • In general, do not enter personal data on a form that you have opened via a link in an email or text message.
  • Only install software from official sources.
  • Look for suspicious signs: missing salutation, unofficial link (one that does not lead to admin.ch), missing language versions, etc.
  • If you are not sure, ask the relevant authorities.
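
The "unofficial link" check from the list above can be automated for a mailbox or a mail gateway. The following is an added example, not NCSC code: it goes beyond the single case in the text and also flags links that merely contain admin.ch without being hosted on it. The sample message, the .example hosts and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

OFFICIAL = "admin.ch"  # official domain named in the checklist above
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Constructed sample message; the .example hosts are placeholders.
SAMPLE = """Your refund is ready: https://tax.admin.ch.refund-portal.example/de/login
Install the app: https://www.admin.ch@downloads.example/agov-setup
More information: https://www.ncsc.admin.ch/content/ncsc/en/home.html
"""

def classify_link(url):
    """Return (verdict, reason); verdict is official, unofficial or suspicious."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "suspicious", "URL cannot be parsed"
    if not host:
        return "suspicious", "no host name"
    if parts.username is not None:
        # Everything before '@' is user info, not the site that gets opened.
        return "suspicious", "real host is " + host
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious", "punycode label in " + host
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official", host
    if OFFICIAL in url.lower():
        # admin.ch appears in the text, but the host is a different domain.
        return "suspicious", "mentions admin.ch, host is " + host
    return "unofficial", host

def scan_message(body):
    """List (url, verdict, reason) for every link that is not on admin.ch."""
    findings = []
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;:!?")
        verdict, reason = classify_link(url)
        if verdict != "official":
            findings.append((url, verdict, reason))
    return findings

if __name__ == "__main__":
    for url, verdict, reason in scan_message(SAMPLE):
        print(f"{verdict:10} {url}  ({reason})")
```

A link classed as official only means the host is under admin.ch; the other precautions in the list still apply.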

Last modification 02.07.2024

https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/2024/wochenrueckblick_26.html