Cybercriminals often send emails purporting to be from online marketplaces, video streaming services, and government agencies to steal personal and banking data from victims. Recently, Kaspersky researchers found two separate scams following this usual trend.

The first scam

In one scam, cybercriminals pretended to be from Finanzmarktaufsicht, supposedly a German financial regulator investigating fraud, and sent an email to potential victims.
  • The email states that Osnabrück police have arrested some criminals and confiscated their hard drives, which contained citizens’ decrypted personal data. It asks recipients to assist the investigation by following a link and filling out a special online form on the fake Finanzmarktaufsicht site.
  • It instructs the victims to enter personal information such as surname, first name, email address, phone number, and other banking information in the form. In addition, the scammers provide an option to call a given number to receive expert assistance.
  • Further, they promise to help victims recover the funds stolen by the scammers, and ask for more information, allegedly to prepare documents, along with banking details, supposedly to reimburse the damage.

The decoy

Although the email appears convincing, it contains several signs that it is bogus.
  • First of all, the sender’s address and the agency look suspicious. An online search for Finanzmarktaufsicht shows that it is an Austrian agency, not a German one.
  • Information about the organization on the fake website looks as if it belongs to a bona fide government agency.
  • Moreover, the fake site uses the logo of the Austrian government agency and there’s no organization with that name in Germany.

The second scam

While the first scam targeted Germany, the second scam focuses on Switzerland.
  • The email pretends to be from FINMA, an independent financial regulator operating in Switzerland.
  • It reminds the recipient that back in 2015–2017 they supposedly invested in a real company called SolidCFD and now it has been closed down due to some illegal activity.
  • The scammers trick the victims into believing that they want to help return the invested money and for that, they need some information.

The attackers did not create any website and simply hoped that the victim would agree to discuss their investments first by email, then possibly by phone or messenger app.

Final thoughts

In both scams, the scammers were tricking victims into paying a bogus fee or parting with their money in some other way. Users are advised to double-check the email address when sending sensitive information and to use a reliable security solution to identify and block suspicious websites and emails.
Cyware Publisher