Criminals send fake Swisscom bills via e-mail – how to recognize the fraud
A new wave of phishing has been circulating in Switzerland since today. Fraudsters are forging Swisscom e-mails to obtain passwords, credit card data, etc. from their victims and thus empty their bank accounts. The federal government's Computer Emergency Response Team writes on Twitter:
"Attention! Cybercriminals are sending fake e-mails with alleged invoices on behalf of Swisscom. The aim is to infect computers with the e-banking Trojan Gozi. Don't open the attachments and delete the e-mails."
The Gozi e-banking Trojan was first discovered in 2007. It is constantly being modified by internet criminals and recirculated through fake e-mails or manipulated websites. Those who fall into the trap are infected with malware that transmits user data such as passwords to the criminals. Gozi is also capable of making transactions unnoticed by the user. The attackers redirect the e-banking application to a copy of the e-banking website, so e-banking users enter their password on a website that looks like the real banking site but is operated by an attacker.
In recent years, the attackers have kept developing e-banking Trojans such as Gozi and Retefe, and they vary their methods again and again.
Fraud can be identified by a suspicious sender's address and a link like this:
image: twitter / @ralfbeyeler
In general, fraudsters' phishing e-mails increasingly benefit from the fact that many Swiss people are now accustomed to receiving their invoices by e-mail and naturally want to check the amount, so they click the familiar «View Invoice» button without suspicion. In the current case, the link hides a dangerous ZIP file.
Such scams can often – but not always – be recognized by the visibly fake sender address. If you move the mouse over the "Show Invoice" button, you will also recognize phishing attempts: the fraudulent link is displayed in the browser at the bottom of the screen. In e-mail applications on smartphones, fake e-mail addresses and links are often not easily recognized because the application hides the real address behind the link.
Fraudsters pretend that the e-mail is signed by Swisscom:
To combat phishing, Swisscom, UPC and Co. send e-bills with electronic signatures (electronic certificates). These work like a digital signature: they confirm that the sender of the e-mail really is the telecommunications company in question. Swisscom explains here how to recognize whether an e-mail really has an electronic signature.
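The checks described above (sender address, the real target behind the button, a ZIP download, and whether the message carries a signature at all) can be automated; the following is an added example, not part of the original article. The domain `swisscom.example`, the sample message and the finding names are constructed assumptions, and the signature check only looks for an S/MIME part without verifying it.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

EXPECTED_DOMAIN = "swisscom.example"  # assumption: placeholder, not the provider's real domain
# Constructed sample message, not a real phishing e-mail.
SAMPLE = """\
From: Swisscom <rechnung@billing-portal.example>
Subject: Ihre Rechnung
Content-Type: text/html; charset="utf-8"

<html><body><p>Digitally signed by Swisscom</p>
<a href="http://files.invalid/rechnung.zip">View Invoice</a></body></html>
"""

class LinkCollector(HTMLParser):
    """Collects the href target of every <a> tag."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def in_domain(host, domain):
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_invoice_mail(raw, expected_domain=EXPECTED_DOMAIN):
    msg, findings, links = message_from_string(raw), [], LinkCollector()
    sender = parseaddr(msg.get("From", ""))[1]
    if not in_domain(sender.rpartition("@")[2], expected_domain):
        findings.append("sender-domain-mismatch")
    parts = list(msg.walk())
    # Structure check only: an S/MIME part is present; the signature is not verified here.
    if not any(p.get_content_type() in ("multipart/signed", "application/pkcs7-mime") for p in parts):
        findings.append("no-smime-signature")
    for p in parts:
        if p.get_content_type() == "text/html":
            links.feed(p.get_payload(decode=True).decode("utf-8", "replace"))
    for url in map(urlparse, links.links):
        if not in_domain(url.hostname, expected_domain):
            findings.append("link-host-mismatch")
        if url.path.lower().endswith(".zip"):
            findings.append("link-to-zip")
    return findings
```

The text "Digitally signed by Swisscom" in the body does not affect the result: only the MIME structure counts, which is why the sample is still reported as unsigned.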
Swisscom has been aware of the attack since noon and has temporarily blocked several infected websites from which the Trojan is being downloaded. Which is clearly still waiting. Virus scanners usually only detect new versions of Trojans after some time.