Names of well-known companies and organizations are often misused to increase credibility in abusive or fraudulent messages. Such e-mails could be a form of fraud, where your customers are tricked into transferring money to a "new" account in your company. Another option would be to use these e-mails to spread malware (computer viruses). We have observed many times that the identities of trustworthy companies have been used to deceive recipients into opening an infected file attachment. To what extent the threshold to criminal acts (fraud, defamation etc.) has already been crossed would have to be assessed by a public prosecutor's office.
- Have your IT service provider clarify whether someone could gain access to your customer database in order to send the mails in a targeted manner or whether the customer list is publicly accessible on your website.
- To reduce the chances of success for the fraudsters, it is important to communicate clearly via the company's standard channels.
- Inform all your customers about this scam and the characteristics by which fraudsters can be identified. If necessary, you could put a warning on your website.
- Report to the responsible cantonal police.