Attention eBanking abuse

The scam is according to Melani new: The perpetrator calls SMEs in Switzerland under a pretext to obtain an e-mail address (e.g., the upcoming delivery of a package). If such an e-mail address is provided, the perpetrator sends a plausible-sounding e-mail with a link to a known cloud provider within a short period of time. Behind the link is a ZIP archive containing a malicious Java script or executable file. The changes made to the victim's operating system by clicking on this file (namely changing the Web Prox settings of Internet Explorer and Firefox, as well as adding a malicious Certificate Authority to the trusted certificate store), allow the attacker to access the victim's eBanking the next time he logs into his eBanking account.

Retefe" malware

Based on the technical infrastructure and malicious code used by the attackers, Melani and the Cybercrime Coordination Unit (Kobik) assumes that the attack is related to the attacks carried out by the malware "Retefe" last year.

Melani and Kobik therefore recommend:

• Be suspicious of calls from strangers
• Be wary of emails with links that are not immediately obvious or written out (e.g. "Click here"), even if they come from supposedly trustworthy senders.
• If you receive a lock screen when logging into e-Banking after entering the login information (password, mTAN/token), e.g. "e-Banking is currently unavailable", contact your bank immediately
• If other unusual events occur during the login process (e.g. minute timer display, etc.), the bank should also be contacted
• If you have been a victim of fraud, report it to Kobik via Registration form and file a complaint with the cantonal police station.

For IT security in SMEs, Melani and the federal SME portal have each published a fact sheet:

• Leaflet IT Security for SMEs
• 10-point program to increase IT security