Week 26 in review

06.07.2021 - The NCSC received an average number of reports last week. There was a good illustration of how fraudsters obtain credentials for real estate portals. There was also a very sophisticated example of advance fee fraud. In this case, an apparent payment confirmation for EUR 414,900 was received. The victims were even able to log into the fake account and make a small withdrawal.

Apartment for sale – without a viewing but with fees

The NCSC regularly receives reports of fraudulent real estate adverts. These always follow the same pattern: an existing advert is copied and false contact details are added. If a buyer or tenant expresses an interest, they have to transfer a deposit or pay a fee sooner or later. As the "seller" is apparently abroad, it is not possible to visit the property. The buyer therefore has to take the seller at their word, without any kind of security.

In a carefully prepared email from the fraudsters, the person advertising the property was informed that their details on the real estate portal were incorrect. The senders were obliging enough to send a link with the mail, leading to a website where the incorrect details could easily be corrected. To make the correction, the victim had to enter their user name and password for the genuine real estate portal. However, the page was a fake and the credentials went straight to the attackers. Shortly thereafter, the contact details in the genuine advert were changed and potential interested parties were diverted to the fraudsters.

  • If you suspect that the seller has fraudulent intentions, immediately stop the communication and ignore future emails.

  • In the event of financial loss, the NCSC recommends filing a report with the cantonal prosecution authorities.

  • Inform the real estate portal about the incident. It can block the corresponding offers, buyers and sellers.

  • If you provided a copy of your ID card or passport to the fraudsters, report the incident to your commune's ID or passport office.

EUR 414,900 has just been paid into your account. What initially looks tempting turns out to be fraud

"EUR 414,900 was transferred to your account" – at least according to the text message sent to many Swiss citizens last week. However, as it turns out, the amount is not on a known or existing account, but instead on an account with an investment portal calling itself Coinomac. Helpfully, the access credentials, including user name and password, are sent with the message.

Fraudulent text message

If anyone logs into the website with these credentials, a page is displayed that apparently confirms the transfer. But in order to access the account, it must first be "secured". For this, a new password must be selected and confirmed. Then, in a second step, the user must provide their mobile phone number, so that the website can send them a one-time password.

The account is then released and the victim sees their "credit balance". It really is possible to make a withdrawal from this fake account, but the maximum amount that can be withdrawn is limited to 0.0001 bitcoins – currently just over CHF 3. If the user attempts a further withdrawal, this is no longer possible because a "savePro mode" has been activated. To deactivate this and make further withdrawals, the victim must now pay in 0.026 bitcoins (approx. CHF 850). It can be assumed that additional fee demands will be made but that a payout will never be possible.

  • Ignore and delete the text message.

  • If you transferred money, file a report with the prosecution authorities.

  • Be careful if lawyers suddenly contact you promising to retrieve the money but require a fee for doing so.

Current statistics

Last week's reports by category

Reports per week during the last 12 months

Last modification 06.07.2021

Top of page

https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/wochenrueckblick_26.html