Names of federal agencies and companies misused

In recent months, the misuse of the names of federal agencies and well-known companies as sender addresses has increased. A few tips on how to respond.

In recent weeks, fraudsters have increasingly sent emails purporting to be from the Federal Tax Administration (FTA), writes the Reporting and Analysis Centre for Information Assurance (Melani). The emails refer to a fictitious tax refund, which the recipient is supposed to obtain by filling out an attached document. In other cases, the fraudsters tried to offer services to taxpayers using the fake sender address of the FTA. When the document is opened, however, malware is installed, according to Melani. Hundreds of thousands of such fraud emails are in circulation, Melani says. In addition to malware variants for the Windows operating system, variants for Mac OS X have also been sent, the federal agency writes.

Also forged invitations to court hearings

Attackers also use fake invitations to court hearings or e-mails purporting to be from the cantonal police to unsettle recipients and trick them into clicking on a link.

The goal of the attackers is to catch users off guard, arouse their curiosity, or scare them into taking an ill-considered action. In most cases, it quickly becomes clear that the message is a fake. The FTA, for example, communicates only by postal mail and never via e-mail, as Melani emphasizes in its communication.

What to do?

Tips for email recipients: 

  • Be suspicious of emails you receive unsolicited: It is no longer enough to be critical of emails from unknown people; caution is also needed with known senders. The names of particularly trustworthy companies are often misused as fake sender addresses.
  • Do not allow yourself to be put under pressure. Take enough time to clarify matters and, if in doubt, ask the company.
  • In rare cases, the victim may actually be expecting an email from the company. But even in these cases, there are numerous clues that can be used to distinguish a fraudulent e-mail from a genuine one. Again, take the time to check the plausibility. For example, pay attention to the use of first and last names: In legitimate e-invoices, the recipient is addressed by first and last name. This form of address is still the exception in fraudulent e-mails. If in doubt, ask the company whether an invoice has been issued or ask them to resend the invoice.

For companies whose names have been misused as senders: 

  • If your company name is misused for fraud e-mails, point out clearly on the home page that your company is misused as a sender for malware e-mails. Give customers your recommendation on how they should behave.
  • Inform your customers about the fraud attempts by means of a regular newsletter or directly.
  • Adhere to the following basic rules when communicating with customers via e-mail, and make these rules known to your customers:
    • Use links sparingly in e-mails and link only to your own domain. If possible, use links to pages secured by encryption (https) and inform the recipient of this.
    • Do not use hidden links, always make the links visible to the user.
    • Do not link to websites that require username and password or other input.
    • Address customers by first and last name, if this information is available.
    • Send important account information in writing by letter - especially in the financial sector.
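
The link rules above can be checked automatically before a customer mailing is sent. The following Python check is an added example, not part of the original advisory: the domain `example.ch`, the limit of two links, and the sample mail bodies are constructed, and treating a link as hidden when its visible text does not show the target host is an assumption about how to apply that rule.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

OWN_DOMAIN = "example.ch"  # assumption: the sender's own registered domain


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def lint_mail(html, own_domain=OWN_DOMAIN, max_links=2):
    """Return a list of rule violations for an outgoing HTML mail body."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    if len(parser.links) > max_links:  # "use links sparingly"; limit is an assumption
        findings.append(f"too many links: {len(parser.links)}")
    for href, text in parser.links:
        url = urlsplit(href)
        host = (url.hostname or "").lower()
        if url.scheme != "https":  # rule: link to encrypted pages
            findings.append(f"not https: {href}")
        if host != own_domain and not host.endswith("." + own_domain):
            findings.append(f"foreign domain: {href}")  # rule: own domain only
        if host and host not in text.lower():  # rule: no hidden links
            findings.append(f"hidden link target: {href}")
    return findings


# Constructed sample bodies
GOOD = '<p>Dear Anna Muster, see <a href="https://www.example.ch/info">https://www.example.ch/info</a></p>'
BAD = '<p>Dear customer, <a href="http://example.ch.evil.test/login">click here</a></p>'
```

The own-domain test compares the host suffix at a label boundary, so a lookalike host such as `example.ch.evil.test` is reported as foreign. Whether a linked page asks for a username and password cannot be seen from the mail body and still has to be reviewed by hand.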

Source: Reporting and Analysis Centre for Information Assurance
