Recently published blog posts:
Go to the blog archive and browse all previous blog posts
we have published so far.
Subscribe to the GovCERT.ch blog RSS feed to stay up to
date and get notified about new blog posts.
Recently published whitepapers:
Subscribe to the whitepapers RSS feed to stay up to date
and get notified about new whitepapers.
Report an incident:
The following email address can be considered as point of
contact for FIRST members and other
Published on April 22, 2020 12:00 +0200 by GovCERT.ch (permalink)
Last updated on April 22, 2020 12:00 +0200
Since the beginning of April 2020, we are seeing an increase in phishing attacks against webmasters and domain owners in Switzerland. Unknown threat actors are phishing for credentials for accounts on web admin panels of at least three major hosting providers in Switzerland.
In order to gain access to these web admin panels, the perpetrator is sending out many phishing emails that pretend to come from Swiss hosting providers. In fact, they originate from hijacked email accounts abroad or from infrastructures that the perpetrator has rented at hosting providers abroad for exclusively for this purpose.
So far, we have only seen such phishing emails written in German and French. They may look like this:
The email body usually contains a link to a compromised website that redirects the victim to the final phishing website. This initial phishing link is usually personalised for the victim to include its domain name as well and / or the name of its hosting provider. The chart below shows the number of distinct phishing websites for the three most targeted Swiss hosting provider that Swiss citizens have reported to NCSC / GovCERT.ch on https://www.antiphishing.ch:
Back to top