Phishing scam by an international network uncovered
A bank client in Switzerland googles the address of the e-banking portal, clicks on one of the search results, enters her login details, and becomes a victim. The website turns out to be a perfect copy, created by criminals who can now access and use her data in real time.
Criminals register deceptively genuine-looking internet domain names and use Google Ads to prominently display these links in Google search results.
Bank customers log in as usual using their username and password, and their login details are immediately transmitted to the scammers, who then log in to the genuine bank websites. Two-factor authentication (2FA) is ineffective in such cases. Within seconds, customers become victims. Unsuspectingly, they enter their 2FA security code on the fake bank website, which the scammers then receive immediately. They then log into the bank accounts as authorised users and take control, often transferring large sums of money to the accounts of money mules – people hired as payment agents whose bank accounts the scammers use to transfer the stolen money, when they are not channelling the funds through crypto exchanges.
fedpol opens investigations
In July 2022, the Office of the Attorney General of Switzerland launched proceedings following an initial police investigation and instructed fedpol to take the matter further. Everything pointed to an international group of cybercriminals that targeted clients of Swiss banks between May and October 2022. Fedpol’s IT forensic experts and investigators identified a developer based in England who is thought to be behind the entire phishing kit – the software used by the criminals. He is already being investigated by the UK authorities.
Working closely with fedpol, the Office of the Attorney General of Switzerland, Europol and Eurojust – the European Union’s agency for judicial cooperation in criminal matters – the authorities pool their information together. The UK authorities confirm the identity of the suspected IT developer, who is then arrested in England on 26 October 2023.
‘Cybercriminals are well organised, efficient and operate across national borders. Although our resources are very limited and international cooperation is not always easy, this case shows that we are quite capable of bringing the perpetrators to justice, even if they are located abroad.’
Andreas, federal investigator
International cooperation as the key to success
Close cooperation between fedpol and international law enforcement resulted in the UK authorities taking over the proceedings. The suspect is currently facing trial in England for his actions. Cybercriminals are extremely agile; international investigative work is essential to stop them. Criminals know no borders, particularly in cyberspace – law enforcement must be just as well networked and dynamic.
Stay safe online: How to protect yourself from phishing
- Type in the bank’s URL or save it: Always type in your bank’s web address yourself or save it in your web browser’s favourites. Do not use a search engine to find the address.
- Verify links und email senders: Do not open any links or attachments from unknown senders. Banks never request sensitive data by email or text message.
- Be careful with two-factor authentication (2FA): If you receive an unsolicited 2FA request, cancel the process and contact your bank directly.
- Regularly check account activity: Check your transactions and immediately report any suspicious entries.
- Make sure that the latest version of your software is installed: Keep your operating system, apps and antivirus software up-to-date.
Remain vigilant – cybercriminals exploit every opportunity!