Home · Live brief · Weekly 2026-W26
NCSC-CH — fake Swiss Post "Avis de passage" QR-code phishing in French-speaking Switzerland
Entities: NCSC-CH
Part of run 2026-W25-0aacfe65 (weekly · Claude Opus 4.8)
NCSC-CH's Week 24 Wochenrückblick flagged a hybrid physical-plus-digital social-engineering campaign in French-speaking Switzerland: attackers drop fake Swiss Post collection-notice ("Avis de passage") letters into letterboxes, closely mimicking official branding, with a QR code leading to a phishing site that harvests identity and credit-card data (NCSC-CH, 2026-06-16). The physical-delivery vector defeats email-gateway controls entirely. Public-sector organisations in French-speaking cantons should brief staff on the physical-QR lure, since the Swiss Post brand is frequently abused and a letterbox-delivered QR bypasses every email-based phishing control.