The weeks in review

19.11.2024 - Phishing using text messages has increased significantly in recent weeks. A wave of text messages demanding payment of bogus parking fines is now being followed by messages about fake parcel deliveries. Interestingly, these text messages no longer come in the standard form of an SMS, but via RCS, a protocol mainly used on Android devices, or via iMessage, Apple's text messaging service. This allows fraudsters to bypass mobile phone providers’ SMS filters.

12.11.2024 - Over the past week, the NCSC has received an increasing number of reports about websites that are compromised in order to make visitors believe that the browser needs to be updated or a CAPTCHA needs to be solved. The aim is to infect website visitors' devices with malware.

05.11.2024 - A case was reported to us last week that shows how criminals associated with the Black Basta group infect businesses with ransomware. Victims are bombarded with spam emails and then contacted by fake support staff via Microsoft Teams and by phone. Ostensibly, the support staff are there to repair the damage – but in reality, they are scammers trying to gain access to their victims' devices in order to install malware.

29.10.2024 - Over the past few years, we have seen a significant change in the tactics used in credit card phishing scams. With two-factor authentication becoming increasingly common, it is no longer enough for scammers to simply trick their victims into sharing their credit card details. Now they have to trick their victims into going through the entire payment process and authorising the payment at the end. That's why they’re always looking for ways to deceive their victims and make them do things they shouldn’t. A particularly brazen example was reported to the NCSC last week.

22.10.2024 - Domain owners who forget to renew their domains on time, or who give their domains up voluntarily, may be in for a nasty surprise. We are aware of several scams where cybercriminals have taken advantage of domain owners’ lapses in attention.

15.10.2024 - In fake support scams, criminals pretend to be from an IT company – such as Microsoft – in order to convince their victims to give them remote access to their computers. In a new type of fake support scam that has recently been reported to us, the scammers also try get hold of the victims’ login details.

08.10.2024 - There are increasing reports of scams being carried out with the help of artificial intelligence (AI). AI can be used to imitate voices, create deepfake videos or write texts in Swiss German. Last week, we received a report that a fake entry had been made on a review site using AI.

01.10.2024 - The NCSC reported on the use of data leaks in fake sextortion emails a few weeks ago. To make victims believe their computers had been hacked, scammers told them they knew their phone number. The scammers have now adapted their approach and are using home addresses to increase pressure on their victims. Our research shows that scammers also get this information from data leaks.

24.09.2024 - Fraudulent investments, especially those involving cryptocurrencies, are a widespread scam. The NCSC is now seeing a lot of advertising on social media for companies and their websites that claim to be able to recover lost money. Unfortunately, they are just another scam.

17.09.2024 - The NCSC receives many reports of private sector providers offering to help people access government services for a fee. However, these providers usually do very little: their service consists of transferring your data from the form on their website to the official form on the government website. These kinds of scams are common for ordering criminal records extracts or motorway tax stickers. Last week, two cases were reported to the NCSC that have to do with travel to the USA.

10.09.2024 - Fraudsters take advantage of every opportunity to get their hands on your money. Last week, two cases were reported to the NCSC in which motorists were targeted by fraudsters. The schemes involved fake websites for motorway stickers in Austria and parking fines in Switzerland.

Overpayment scams and cheque fraud are outdated. Under such scams companies are commonly asked to purchase services from third parties that go beyond the original order. Under normal circumstances the cheque provided should cover all expenses – but in such scams there are no funds to cover the cheque. The third parties to whom the payments are made are fake companies that belong to the scammers. As cheques are now rarely used in Switzerland, scammers are testing new approaches using modern payment methods, as a case reported to the NCSC last week shows.

27.08.2024 - The NCSC has received more reports of hacked WhatsApp accounts in recent days. The approach is similar to what we already observed last year: someone you know contacts you on WhatsApp and asks you to help them with an urgent problem. All you have to do is forward them an SMS code. What's different now is that the scammers are writing in dialect and trying to get you to send them money via TWINT.

20.08.2024 - Data leaks from online service providers are giving scammers new ideas. They are combining information from multiple data leaks to create new data sets that they can then use to scam their victims. The NCSC has received reports of several cases of sextortion where scammers have done exactly this.

13.08.2024 - The holiday season is slowly coming to an end and we have all made wonderful memories to look back on. To ensure that our memories remain safe, it is important that we think about cybersecurity. Read on to learn what to look out for.