About 15’000 times the Reporting and analysis centre for information assurance (Melani) of the Federal government since the middle of 2014 on the Websites of the met, the Swiss people wanted to steal data. In the technical language one speaks of so-called Phishing. Cyber attackers to impersonate the sites in a Bank, a telecommunications company or an online shop and steal personal data: E-Mails, telephone numbers, passwords, credit card numbers.
Especially clients of UBS are affected. About 800 of the Federal registered Website is fake impersonated UBS offers. The are about 5.4 percent of the incidents. Just in the last few months, Phishing has increased-information concerning the Swiss Bank. In October, 121 messages came together as a whole. An absolute peak value. In this month, every fourth Phishing-note, the Swiss authorities also reported was that a note to a Phishing attack on UBS clients.
The mesh with the Phishing-sites works as follows: The cyber criminal to gather in the Internet, in databases, online forums, or in the Darknet E-Mail addresses and address so that a mass of users, for example, in the name of UBS. The recipient will be prompted in the E-Mails to confirm your credit card numbers or user name and password for a new service, perhaps for 3D-Secure. Actually, a technology, which should make the use of the UBS credit card on the Internet safer.
in fact, the opposite happened in this case: The credit card is not protected, but the thief passed. The thieves operate with a slightly modified web addresses, such as ubs-online-digital.com or ubs-e-banking.com that may not seem at first glance unremarkable. The online form of the putative 3D-Secure-registration is, however, not on the Server of the Bank, but on that of the criminal. Without realizing it, the users of its data so the cyber criminal price.
The wrong form (above) looks at first glance to be extremely reputable.
another company that has been struggling in recent weeks, with many Phishing attacks, Sunrise. However, on a much deeper level than the UBS. Sunrise is coming in 2014, to nearly 100 Phishing messages on the part of the Melani.
The Sunrise customer, the Criminal tried to pretend that you are on the right Sunrise-Mail page. Did you use the address mipsunrise.weebly.com. Often the user does not have to remember that you have given your E-Mail address, just a Criminal. What makes the attacks much more refined: Once the users have logged in, you will be redirected to the correct e-Mail Portal. Here you must specify your E-Mail address again, but most users will simply assume that you have previously entered the password incorrectly.
The URL mipsunrise.weebly.com although striking, the form itself, but seriously.
Tricks to fall How many customers are actually on the Phishing-in, it is difficult to assess. According to the experts, the estimates of fractions of a percent can vary up to two percent. But that’s enough for the cyber criminals. In mass E-Mails, you are able to, at a stroke, tens of thousands of users. If even only a 0.01 percent fall for the Trick, nevertheless, some of the 100 successful cases.
For the reporting office of the Federal Melani is understandable that a Bank and Telecom companies are in the focus of the cyber criminals. In the case of banks, the thieves hoped to gain access to E-Banking data or credit card numbers. In the case of Telecom companies, the attackers were interested mostly in E-Mail accounts, without the Knowledge of the users whose accounts are in need for more Phishing attacks to miss. That UBS and Sunrise are the focus, considers the reporting Agency of the Federal government as a coincidence. Gisela Kipf, spokeswoman for the reporting centre, said: “We often see a temporary concentration on a particular goal.”
Sunrise pointing back to request the results of the analysis of the Melani-data on phishtank.com . The information would be incomplete. The Melani would not report anything at Phishtank. In addition, not all companies in Switzerland, Phishing would identify messages as consistent as the Sunrise. Rolf Ziebold, Sunrise spokesman, says: “the One who reports honestly and consistently, and therefore its customers, protects, seems to stand in the pillory.” The Problem is that providers are not required by law to report known Phishing cases.
Internal Numbers showed that the competition had more to fight Phishing. Ziebold says: “The statement that the Sunrise against Phishing attacks is more or less exposed, is wrong. Rather, just the opposite is the case.”
in fact, Swisscom, for example, since 2014, data on 123 responses, so slightly more than the Sunrise. However, since the beginning of 2016, the attacks on Swisscom declined slightly, while they rose at Sunrise. This is evident from the analysis of the data from phishtank.com .
The UBS returns the current increase in Phishing cases, a conversion, which is currently still ongoing, said the press office on request. UBS clients can authenticate to, more recently, via the App in E-Banking. Until all customers have converted, try to take advantage of the cyber criminal, apparently, possible outdated gateways, the logic of the Bank. Marco Tomasina said, “We are experienced but by no means more successful cases of fraud. They remain at a very low level, not least due to our awareness of the customer.”
In the studied Phishing messages Melani, there are notes received by the reporting office of the Federation of Swiss companies or from the population. The Federal for 2015 www.antiphishing.ch yourself a Website, on the suspicious Websites can be reported.
The fake web links are first checked automatically. Those that are not filtered out, examine the Melani staff will then manually send it to the manufacturer of IT security software or Internet provider; and the service Phishtank. The information security companies or Internet service providers to protect unwitting web surfers from dangerous Websites. In many cases, Internet users even in contact with the dangerous content, because they are automatically blocked.
However, all of the messages of the Melani is not correct. The reporting office also makes mistakes. Of the 15’000 messages 21 were clearly not Phishing Sites. Including the web addresses of the Swiss Federal office of energy, or the post-Finance, for example. 26. December 2017, reported the Melani, Google.ch is a Phishing Site. So funny that at first glance appears incorrect Phishing messages can have for companies unpleasant consequences. The companies are available for you, inexplicably, to black lists, and their contents are locked for the customer part.
Melani explains that all of the messages, the you to a third party, would be manually checked. This error could happen. Melani spokeswoman Gisela Kipf said: “We are careful to keep the error rate as low as possible. 21 Sites on 15’000 messages correspond to an error rate of slightly more than 0.1%.” The messages on Phishtank.com for the companies concerned no effect, because the Community verifies the Phishing messages, first the authenticity. The same is not true for the cables to Telecom companies, the supposed fake web addresses automatically on a black list. to not fall
To itself is not in a Phishing case, the reporting Agency of the Federal government: first, to distrust emails you get an unsolicited basis. Even those of trust companies trusted. Because that is exactly you would need as a fake sender addresses that miss. Secondly, always be careful when in an E-Mail with the consequences would be threatened: loss of money, criminal charges, account or card blocking, missed opportunity, bad luck. And the most Important: Never suspicious E-Mails or open attachments, or click Links. (Editorial Tamedia)
Created: 19.12.2018, 17:33 PM
