Cybercrooks are posing as hosting providers in an attempt to scoop up web admin credentials

Swiss CERT warns of spear-phishing campaign targeting webmasters

Switzerland’s Computer Emergency Response Team (GovCERT) has warned website administrators to exercise additional caution when it comes to handling emails, following a spike in targeted phishing attacks.

“Since the beginning of April 2020, we are seeing an increase in phishing attacks against webmasters and domain owners in Switzerland,” GovCERT said in an advisory issued last week.

“Unknown threat actors are phishing for credentials for accounts on web admin panels of at least three major hosting providers in Switzerland.”

In an effort to gain access to these web admin panels, GovCERT explained, the perpetrator is sending out spear-phishing emails that pretend to come from the hosting providers.

“In fact, they originate from hijacked email accounts abroad or from infrastructures that the perpetrator has rented at hosting providers abroad, exclusively for this purpose,” the agency said.

Well-crafted emails

Contrary to the current trend of phishing campaigns that attempt to exploit users’ fears over the ongoing coronavirus emergency, a spokesperson from Switzerland’s National Cyber Security Centre (NCSC) said the latest campaign was not related to the pandemic.

However, the spokesperson warned that the emails were well crafted and might easily appear to be legitimate.

“Concerning the threat actor/group behind this phishing campaign, we can’t make any statement at the moment,” the NCSC spokesperson told The Daily Swig.

“The phishing campaign we face currently has no direct connection to the current coronavirus pandemic. But the phishing mails are quite well crafted, so they may seem trustworthy on first sight.”

So far, GovCERT said it has only seen such phishing emails written in German and French. They may look like this:



When asked if they could provide additional information, the NCSC spokesperson offered an example of one phishing email doing the rounds:



GovCERT’s latest warning follows the organization’s announcement back in February that it had detected a spike in ransomware incidents taking place in Switzerland.

As previously reported, the agency said it had dealt with more than a dozen ransomware cases at the start of the year, in which “unknown perpetrators encrypted the systems of Swiss SMEs and large companies” and rendered them unusable.

