“I need your cell phone number so I can unlock my Twint account!” – Fraudsters try to get money via Facebook
A new type of fraud is making the rounds in Eastern Switzerland: perpetrators are trying to deceive their victims with a new trick. The police and financial service providers are alarmed and advise caution.
Unknown people are trying to steal money through hacked profiles.
Symbol image: Raphael Rohner
“Hello, how are you? I have a problem and need your help quickly,” writes a friend on Facebook who I know very well. Shortly afterwards, he replies: “I have blocked my cell phone and need an activation code for customer service. I need your phone number quickly to unlock it.” The text is written in the Bernese dialect – which my friend from Thurgau definitely does not speak – let alone write.
“You think so,” I say to myself. My gut tells me that someone is trying to scam me, so I call my friend on his cell phone. He is at work and says: “People have been calling me all morning asking if it’s me – but it’s not me!” He is trying to block his Facebook account, he explains.
It becomes clear to me that strangers are pretending to be my acquaintance. So I call the Thurgau cantonal police and ask what I should do. Ralf Frei, media spokesperson for the cantonal police, advises me to collect evidence by taking screenshots. Such and similar fraud attempts keep happening. “As long as it remains an attempt, we recommend reporting it to the Federal Office for Cyber Security,” explains Frei. “Such reports are collected and evaluated centrally there.” In the case of actual fraud, a report can be made at any police station.
The unknown scammers pretend to be my friend in the chat.
Photo: Raphael Rohner
Perpetrators don’t want cash
My “acquaintance” received a telephone number from me – not mine, of course – and wrote that I would receive a personal identification number (PIN) in a few seconds. Suddenly he switched to “Sie” and asked me to open my Twint app and enter the code “50882”. “After that, you will receive a code via SMS!” – I was to forward this to him immediately: Instead, I sent him a random, six-digit number code that I had thought up and asked whether it wouldn’t be better to deposit the cash in the milk crate. With the idea of letting the perpetrators meet the police. But the stranger sensed the danger and immediately blocked me.
I reported the profile on Facebook as “hacked” and my friend deactivated it. In the evening he told me that at least 50 people had called him to ask if he had really locked his smartphone. “It’s extremely annoying for me and I honestly don’t know where to report if you’re affected.” The Thurgau Cantonal Police advises those affected or witnesses of such fraud attempts to report the incident to the Federal Office for Cyber Security. There you can report the incident via a Reporting form will receive initial recommendations and, if requested, will be contacted by a specialist.
Successful new scam
The Federal Office for Cyber Security (BACS) has already registered several such cases, says media spokeswoman Manuela Sonderegger: “The procedure you describe has been reported to the BACS several times, and the number of reports is currently increasing.”
Every week, the reported cases are published on the website of the Federal Office for Cyber Security.
Grafik: BACS
Sonderegger describes the perpetrators’ approach: “First, the attackers try to convince the victim to forward the SMS code they received. To do this, they pretend to be a colleague who is in an emergency. Then they try to get the victim to make a payment via Twint.” This approach enables the perpetrators to conceal their identity, it is said. Sonderegger adds: “The Twint payment is usually used to buy vouchers, which are then redeemed by the fraudsters. The hacked account is then used to write to colleagues with the request to forward the code.”
First money is debited, then the profile is hacked
The current scam is the weekly topic on the website of the Federal Office for Cyber Security. The specialists warn against falling for this trick. The perpetrators also try to swindle money via fictitious WhatsApp contacts – amounts of up to 1,800 francs are mentioned. But the really perfidious thing is the confirmation code that the victims pass on to the perpetrators. If the victim recognizes the fraud and stops making payments, the fraud is not over yet.
This is where the code transmitted at the beginning comes into play. By passing on the first six-digit code, the attackers can now take over the victim’s Facebook and WhatsApp accounts and write to all of his contacts in his name, tricking them into thinking that the mobile phone is locked and asking them to pass on the six-digit code. The game starts all over again with the next victim.
The Federal Office for Cyber Security cannot say how many people are affected by the new scam. In 2023, the reporting office registered 9,415 phishing cases or fraud attempts in Switzerland. In 2024, the number is likely to be significantly higher. In mid-August, the BACS already reported over 5,000 attempts. “These reports via the reporting office are very valuable to us,” says Sonderegger. “Anyone who observes or experiences anything suspicious should report it. The findings from each individual attempt are important.” The specialists also advise never to share a code that has been sent to you or to help someone with it.
Twint launches investigation
The payment service provider Twint is also alarmed by the new type of fraud attempt: “The process sounds very suspicious,” says media spokesperson Demet Biçer. She suspects that the fraudsters want to trick victims into giving them the invoice for an online purchase: “We assume that in your case it is a QR or numeric code that you are supposed to use to confirm a payment directly in the Twint app.” Such QR and numeric codes to confirm a payment can only be offered by legitimate and verified retailers, never by private individuals on classifieds portals.
Biçer adds: “It is very likely that the fraudster is trying to send you a confirmation code for a payment that he is making at the same time with an online retailer.” Twint takes this scam very seriously and has launched an investigation with specialists from the fraud department. Recently, fraudsters even posed as Twint employees and tried to swindle money this way.
My friend also reported the incident to the Federal Office. However, he has left his account deactivated: “This kind of thing is just annoying and irritating. I’m thinking about just deleting all of my social media accounts, then I’ll have peace and quiet,” he says, dismayed.
