Cybercriminal operating in Switzerland gets 7 years in prison

Thanks to intensive investigations carried out by the MPC and fedpol, a British national was identified as the developer and distributor of the phishing kit.
Pixabay

Little consolation for many Swiss bank customers defrauded between May and September 2022. Their scammer, an Englishman, has just been sentenced to seven years in prison by a British court. This follows an international investigation led by the Office of the Attorney General of Switzerland (OAG) and fedpol, the OAG announced Tuesday.

Indeed, in July 2022, the MPC opened criminal proceedings against an unknown person for suspected fraudulent use of a computer, following dozens of phishing cases reported across Switzerland. Several cantonal prosecutors' offices had already opened proceedings in around thirty similar cases, which were grouped together by the MPC.

The investigation revealed a sophisticated attack. For five months, the cybercriminal created and used fake login pages for various Swiss banks using a "phishing kit." Customers who performed a Google search were redirected to these pages, which appeared as advertisements. Thinking they were logging into their e-banking account, they entered their login details and the authentication codes received by SMS. However, this information was retrieved in the background by the hacker, allowing them to log into their account, add a device to bypass two-factor authentication, and subsequently make transfers without their knowledge. The estimated damage in Switzerland amounts to approximately 2.4 million francs.

Thanks to investigations conducted by the OAG and fedpol, the cybercriminal was identified in August 2023. The subsequent collaboration with European and British judicial authorities (which were already conducting similar proceedings against him) led to his arrest in the United Kingdom. "This result demonstrates the importance and effectiveness of international cooperation in the fight against the ever-increasing cybercrime," the OAG said.

Phishing is a fraud technique used to deceive Internet users and obtain their sensitive data, such as usernames, passwords, or banking information. One in seven Swiss people has already been a victim of this type of cybercrime. Victims are generally redirected to fake websites imitating those of trusted institutions (banks, public services, etc.). Thinking they are on the official website, they enter their information, which is then retrieved by the fraudsters. Phishing can also take place via emails, text messages, or online advertisements with booby-trapped links. To avoid falling into this trap, never click on suspicious links, especially those received by email, text message, or via search engines. It is also important to check the website's URL : a legitimate website generally begins with "https://" and contains the official domain name (www.bankname.ch). Watch out for spelling mistakes or similar addresses.