Phishers angle their way into economic crime

It's not easy to capture cyber criminals

An increasing number of economic crimes via the internet has been recorded in Switzerland, with phishing to gain confidential data widespread, a report says.

This content was published on April 30, 2007 - 12:40

It adds that fictitious banks have also been attempting to profit from Switzerland's reputation as a financial centre.

The crime details were published on Monday in the semi-annual study of the government's Reporting and Analysis Centre for Information Assurance (Melani).

The report notes that during 2006 cyber crime developed definitively into a "widespread criminal activity" around the globe and experienced hackers were being recruited in increasing numbers.

Marc Henauer, who is head of a coordination unit on cyber crime at the Federal Police Office, told swissinfo that criminals were using increasingly sophisticated methods.

"I think what we're seeing is the end of the "pioneering age" of cyber criminals and we're entering a phase of consolidation," he said.

More sophisticated

"The "good" ones will get more and more sophisticated, whereas the "bad" ones, so to speak, will probably lose out and not get a lot of money with their activities."

The report notes that many cyber criminals can make enough to live off from their activities, and practise their "profession" during office hours, just like any other "employees".

In Switzerland, the bank of the country's largest retailer, Migros, was targeted last August, with customers receiving a phishing email inviting them to reveal the access code of their account so that its validity could be checked.

The bank put a temporary halt to its e-banking transactions to block any transactions that might be made using stolen codes.

"Phishers look for every kind of data they can lay their hands on. The more data they have – log-ins, passwords, personal data and so on – [the better].

"They can either use it to mount more sophisticated, more direct attacks or they can sell it to someone," Henauer explained.

Another financial institution was the target of two different incidents with malware - software which carries out harmful functions on a computer – hidden in pdf files.

Fictitious banks

The report says that fictitious banks claiming to have branches in Switzerland or which use the adjective "Swiss" keep popping up on the internet, evidently an attempt to exploit the reputation of Swiss financial institutions to attract victims.

One example concealed a fictitious institution whose intention was to recruit "financial agents" – better known as "money mules". They are people who for a commission allow their bank accounts to be used to transfer money of illicit provenance.

Whoever is recruited in such a way can be brought before a court for money laundering.

Henauer said that cyber crime in Switzerland was not worse than anywhere else.

"It's probably even a tad better than in other countries... Switzerland is not an island and the internet has a rather international scope. Therefore if there is a wave of attacks on unknown numbers of targets, it will also affect Switzerland," he said.

swissinfo, Robert Brookes

Key facts

Phishing: Fraudsters phish in order to gain confidential data from unsuspecting internet users. An example is account information from online auctioneers or access data for internet banking.
Malware: Comes from the words "malicious" and "software". This is a generic term for software that carries out harmful functions on a computer, such as viruses, worms or Trojan horses.

End of insertion

Data and identity theft

Phishing and data or identity theft through malware reached a new high in the second half of 2006.

The "Anti-Phishing Working Group" registered an increase of more than 52% in phishing websites between September and October.

Certain types of malware search through the entire computer and network for financially valuable information, while others log all keystrokes as soon as a website of interest to the attackers (for example, a bank website) is surfed.

In the case of a bank website, the stolen data is used, for example, to carry out illicit financial transactions.

Another form of identity theft occurs through malware manipulating the browser, enabling it to directly falsify what the browser is displaying during the e-banking session.

End of insertion

Some advice

Always keep anti-virus software updated.

Keep your operating system on the latest level of patching.

Use firewalls. Back up your data.

Keep a close eye on emails. If you don't know where one has come from and it has an attachment which you are not sure about, throw it away.

Caution on using links in emails. They may lead to websites that have been set up to cause you damage.

End of insertion
In compliance with the JTI standards

In compliance with the JTI standards

More: SWI certified by the Journalism Trust Initiative

Sort by

Change your password

Do you really want to delete your profile?

Your subscription could not be saved. Please try again.
Almost finished... We need to confirm your email address. To complete the subscription process, please click the link in the email we just sent you.

Discover our weekly must-reads for free!

Sign up to get our top stories straight into your mailbox.

The SBC Privacy Policy provides additional information on how your data is processed.