Tuesday , November 12 2019
Home / switzerland / Criminals send fake Swisscom-watson emails

Criminals send fake Swisscom-watson emails

Be careful, this bill is not from Swisscom, because people recognize, among other things, fake sender e-mail addresses. image: twitter / PO3T 1985

Criminals send fake Swisscom bills via e-mail – that's how you recognize fraud

A new wave of phishing has been rampant in Switzerland since today. Fraudsters falsified Swisscom's email to get passwords, credit card data, etc. From their victims and thus delete the bank account. The Federal Government Computer Emergency Response Team writes on Twitter:

"Attention! Cybercriminals are sending fake e-mails on charges of being billed on behalf of Swisscom. The aim is to infect computers with the Trojan Gozi e-banking. Don't open attachments and delete letters."

The Gozi e-banking Trojan was first discovered in 2007. It is constantly being changed by internet criminals and recirculated through fake e-mails or manipulated websites. Those who fall into the trap are caught by malware that transmits user data such as passwords to criminals. Gozi is also capable of making transactions unnoticed by users. The attackers redirected the e-banking application to the e-banking website that was copied. So e-banking users enter their password on a website that looks like a real banking site but is operated by an attacker.

In recent years, the attackers have evolved e-banking Trojans such as Gozi and Retefe and their methods vary again and again.

Fraud can be identified by a suspicious sender's address and a link like this:

The hesitant link behind the blue "Display Invoice" button betrays the fraud. image: twitter / @ralfbeyeler

In general, fraudsters are more and more in the grip of phishing emails that many Swiss people are now accustomed to receiving their invoices via email and of course want to check the amount, that is, without suspicion click on the usual button «View Invoice». The link hides a dangerous ZIP file in the current case.

Such scams are often – but not always – based on fake e-mail addresses that are visible. If you mouse over the "Show Invoice" button, you will also recognize phishing attempts. Cheat links are displayed in the browser at the bottom of the screen. In email applications on smartphones, fake e-mail addresses and links are often not easily recognized because the application hides the real address behind the link.

Fraudsters pretend that e-mail is signed by Swisscom:

To combat phishing, Swisscom, UPC and Co. send e-bills with electronic signatures (electronic certificates). Signatures are used like digital signatures. This means the sender of the e-mail is really the telecommunications company in question. How to recognize whether the e-mail really has an electronic signature, Swisscom explained here.

Swisscom reacted

Since Swisscom has been aware of the attack since noon, it has temporarily blocked several infected websites from where the Trojan is being downloaded. Which is clearly still waiting. Virus scanners usually only detect new versions of Trojans after some time.

You might also be interested in this:

Phone fraud is increasing rapidly

Video: srf

Subscribe to our newsletter

Jeff Bezos, the richest person on the planet and "the worst boss in the world"

He started as a small e-book dealer. Now he is the richest person in the world, the emperor of the world of technology, an Elon Musk on steroids. Jeff Bezos will soon replace Apple as the most valuable company with Amazon. But how is that possible?

Many Amazon founders and bosses: visionaries, multi-billionaires, exploiters. Investor Legend Warren Buffett praises Jeff Bezos as "the greatest entrepreneur of our time". The union saw him as a "World Tax Prevention Champion".

The richest person in the world is Bezos. But that was not enough for him. The Empire's technology developed space reusable rockets, sold face recognition software to the police, or produced Oscar-winning films. The …

Link to Article

Source link