Sophisticated social engineering and phishing attacks tailored to Switzerland – 19th MELANI semi-annual report
Berne, 23.10.2014 - In the first half of 2014, the main focus was on sophisticated attacks on companies using social engineering, phishing attacks tailored to Switzerland and the Heartbleed security vulnerability in encryption software. Published today, the 19th semi-annual report by the Reporting and Analysis Centre for Information Assurance MELANI highlights these and other incidents.
The victims’ trust is gained through social engineering using information previously gathered. Based on this, they are tricked into negligent and costly actions.
Increasingly sophisticated social engineering
In the first half of 2014, Internet fraudsters targeted Swiss companies using social engineering. Extensive searches were undertaken, e.g. using social media, to collect information of the companies' senior management. The attackers then passed themselves off as the members of senior management to the companies themselves, mentioned strictly confidential business and instructed the accounts department to pay out a large sum of money. In one case, the payment of CHF 1 million was stopped at the very last minute when an employee in the accounts department defied the instructions received and queried the payment with the management board.
Phishing attacks tailored to Switzerland
To obtain data for accessing important information such as credit card details, phishing attacks continue to be launched, but these are geared towards the victims in increasingly clever and enhanced ways. This was the case, for example, with the fraudulent e-mails that were being sent on behalf of the Swiss Federal Office of Energy (SFOE) for several months. The e-mails informed the recipients that they were to be reimbursed CHF 165 and instructed them to enter their credit card number, the corresponding verification code on the back of the card and the card's expiry date on an SFOE website, which was of course a fake website.
Anyone who discloses information such as credit card numbers online should only do so via secure SSL connections and with trustworthy business partners.
Heartbleed – a security vulnerability in encryption software
The Heartbleed security vulnerability that was made public in April enabled attackers to intercept sensitive information. It is estimated that the security solution in question is used on about two thirds of all web servers. This meant that millions of Internet users worldwide were directly or indirectly affected by this security vulnerability. By exploiting this vulnerability, passwords, credit card numbers and a lot of other information were exposed.
The NSA affair brought new revelations to light in the first half of 2014. The current semi-annual report sheds some light on these revelations and tackles the issue of how the NSA affair will affect the protection of privacy on the Internet.
Address for enquiries
Max Klaus, Deputy Head of MELANI
Federal IT Steering Unit FITSU
Tel. 058 463 45 07
max.klaus@isb.admin.ch
Documents
Publisher
Federal IT Steering Unit (ab 01.01.2021: Digitale Transformation und IKT-Lenkung)
http://www.fitsu.admin.ch
Federal Department of Defence, Civil Protection and Sports
http://www.vbs.admin.ch
Last modification 08.12.2020
