Friday Phish Fry

Phishing Email Alerts

Catch of the Day: Swiss Phish

Examples of clever phish that made it past my anti-spam nets and into my inbox. Some are contributed by clients or readers like you, and other reliable sources on the Internet.

You can send phishing samples to me at phish@wyzguys.com.

My intention is to provide a warning and show current examples of phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your inbox. If the pictures are too small or extend off the page, double clicking the image will display them in a photo viewer app.


Swiss Government Identified 10,000 Phishing Websites Impersonating 260 Brands

Attacks targeting Swiss residents increased 10% last year, according to newly-released data that shows a growth in not just phishing attacks, but brand impersonation at purely a national level.

The Swiss Federation’s National Cyber Security Centre (NCSC) hosts a phishing site reporting tool where individuals and businesses can report suspicious websites and emails. They analyze and track reports, consolidating their findings annually into their Anti-Phishing Report.

According to the findings summarizing 2023, Switzerland saw a massive spike in the number of phishing websites created monthly in December of last year, jumping to 1380 — a number 65% higher than the monthly average observed last year.

Additionally, of the 260 impersonated brands, nearly two-thirds (61%) were Swiss brands known within the country. I found this interesting; it means that attackers know they have a better chance of tricking a potential victim with an in-country brand than a national brand.

The Swiss Post was the most-impersonated brand, at 21% of all attacks — a number that sits within a larger group of letter and parcel delivery companies, which represented 41% of all attacks.

What I found really interesting was one of the report’s recommendations: be skeptical. It’s a great way to put new-school security awareness training into practice and the need to be vigilant. The NCSC goes on to provide an example: “No bank or credit card institution will ever ask you to change passwords or verify credit card details by email or SMS.”

When they put it like that, it sounds obvious. But it’s not; which is why organizations and individuals need to “be skeptical” and stay informed on the latest attacks, scams and techniques.

Blog post with links:
https://blog.knowbe4.com/swiss-government-identify-10000-phishing-websites


 

0

About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.