It has come to our attention that someone is sending emails using our name and email/domain requesting payment of a late invoice. Please be advised that these emails are fraudulent, are not legitimate and should not be acted upon, and the invoice should not be paid. Attachment should not be open.
We advise that you verify the authenticity of any email requesting payment, and double-check before making any transactions.
We would like to remind you that we will never ask you to make payment to any bank accounts other than the ones we have provided in our Agreements or Invoices. Furthermore, we have no cryptocurrency accounts and no bank accounts outside Switzerland.
Scam Incident Information:
Today, 27.2.2023 at 16.39h until 20.33h we received 339 E-Mails as Returned E-Mail sent from old Swiss citizens E-Mail accounts ending gmx.ch, (probably bought on Dark Net or from some Data Leak) to our employee Account email@example.com
The Subject of the returned E-Mail was: Unbezahlte Rechnung. (Not paid invoice).
Please do not pay such invoice, and if you have already paid, you opened the attachment and installed Trojan Virus, please report the case to police, and give all documents and data you might have. According to our experts, between 5000 and 10000 E-Mails were sent to GMX.CH users, and minimum number of victims will be between 5 - 10.
Our company has bank and bank merchant system for communication of invoices, we do not send reminders for invoices with emails. Reminders are always sent via registered Swiss Post for the services we have provided.
Our investigation has the following information for the public and victims of this scam:
1) E-Mail was probably sent from Great Britain;
2) Message-Id: 202302271626.31RGQF25101276@mail118c50.megamailservers.eu
3) Server: http://megamailservers.com/ (not secured)
4) Received: from Electra (r-108-43-62-5.consumer-pool.prcdn.net [220.127.116.11] (may be forged))
by mail118c50.megamailservers.eu (8.14.9/8.13.1) with ESMTP id 31RGQF25101276
for <XXXXXXX@gmx.ch>; Mon, 27 Feb 2023 16:26:39 +0000
5) As sender emails from email properties we have found following (maybe they are also forged):
6) IP Addresses of the Server: 18.104.22.168; 22.214.171.124; 126.96.36.199 etc.
7) Mails sent from this email server were used for Kickstarter Scam, Indiegogo Scam, and other.
8) The case is complex, and should be more analysed by government agencies, as our company and our customers are not direct victims of this incident. See data points available:
9) According to our Analysis, all sent emails had an Attachment with Trojan Virus (Trojan Generic, Trojan Mint Zamg, Trojan Tetomek.JS, see:
We take the security of our clients' information very seriously, our customers databases are secured and the email recipients not from our databases. All E-Mail recipients are from gmx.ch E-Mail client. If you have received any suspicious emails that appear to be from us, please do not hesitate to contact us immediately so that we can take the necessary action to prevent any further fraudulent activities.
Thank you for your continued support and trust in our services.
Stay vigilant and stay safe.
Executive Board of Swiss Security Solutions LLC