Unknown individuals are sending fake emails in the name of bexio, directing recipients to deceptively realistic websites that are not affiliated with bexio. Users are asked to enter their login credentials there. With the captured logins, phishing attackers have, in isolated cases, successfully logged into customer accounts, manipulated IBAN numbers on invoices, or viewed address data. The systems and infrastructure of bexio were not compromised. All bexio customers have been informed. bexio is in direct contact with the affected individuals.
"We deeply regret the burden these incidents impose on those affected," says Markus Naef, CEO of bexio. "We actively support the affected individuals in processing the incidents and with the necessary steps towards authorities. The security of our customer data is our top priority." Two-factor authentication, previously a recommended optional feature for customers, is now mandatory at bexio to protect all customers.
The phishing emails are not sent by bexio, and the email addresses used by the unknown individuals do not originate from bexio. No customer data has been leaked from bexio. The phishing emails are sent indiscriminately.
How to differentiate genuine bexio messages from fake ones: Often, the links can be recognised as leading to websites that are not associated with bexio. A central information page from bexio explains in detail how genuine messages can be distinguished from phishing attempts.
What bexio is doing about it: bexio has reported the phishing attack to the Federal Office for Cybersecurity BACS and the Federal Data Protection and Information Commissioner (FDPIC). BACS informs the responsible web hosting provider and the registrar so that the website or domain can be blocked. BACS also informs providers of block lists. If it is a .ch or .swiss domain, BACS can block the website directly.
Two-factor authentication, previously an optional feature for bexio customers, is becoming a mandatory standard. To support users optimally in setting up this new standard, bexio support capacities have been temporarily expanded.
As an established security measure, bexio has long automatically informed account holders whenever important changes - such as changing an IBAN - are made in the system.
How you can protect yourself from phishing attacks: Do not click on suspicious links or attachments in emails.
When in doubt, customers should directly contact bexio's customer service to verify the received message.
What to do if customer data has been inadvertently disclosed: Customers who have provided their password should change it immediately on every service where they use it. A separate, strong password should be used for each online service.
If an email password has been inadvertently disclosed, the passwords for all web providers linked to this account should be reset.
If financial loss has been suffered or personal data has been inadvertently disclosed, the Federal Office for Cybersecurity BACS recommends filing a criminal complaint with the local police. Nearby police stations can be found on the Suisse ePolice website.
bexio also advises all customers to regularly check the stored IBAN numbers of suppliers and their own invoice drafts as a preventative measure.
bexio is the leading Swiss cloud-based business software for SMEs, providing an integrated all-in-one solution for easy and successful business management. It solves the daily challenges of small businesses, self-employed individuals, and freelancers by seamlessly combining all essential aspects of business life into one platform.
With bexio, companies digitize and automate their business processes with AI support, saving valuable time and gaining the freedom to focus entirely on what really drives the company forward. bexio connects companies with their trustees. Based on current company figures, companies receive comprehensive professional advice and clear strategic recommendations to help set priorities, assess risks, and seize opportunities in a timely manner. Over 100,000 customers trust bexio's proven Swiss quality, security, and innovation - a solution that grows with every business.
bexio is a wholly-owned subsidiary of Mobiliar.
Note: The "About Us" text is taken from public sources or from the company profile on HELP.ch.
Source: bexio AG, Press release
Original article published on: Phishing-Mails aktuell im Umlauf