What you can do Attention, SwissPass phishing mails are circulating again
A deceptively genuine e-mail, a professionally recreated website and supposedly open credit balances: Fraudsters are using these tricks to try to obtain data from Swisspass users. Not for the first time.
No time? blue News summarizes for you
- Fraudsters are sending out deceptively genuine phishing emails in the name of SwissPass to steal user data.
- The fake emails and websites look professional, but contain subtle errors and rely on urgency.
- SwissPass recommends two-factor authentication and warns against disclosing personal data via insecure channels.
"Important note" is the innocuous subject of the email message, which suggests that SwissPass is the sender. The title of the message then informs you that data for a refund is still missing.
At first glance, the e-mail looks deceptively genuine. It even has the distinctive red SBB logo and an official-looking button. "You have received this email because you are entitled to a refund of CHF 41.28," the email continues - data should be updated in order to receive the amount. The message is signed by Johann-Josef Jossen, Head of SBB Contact Centers.
"The abusive emails are increasingly professional"
If you follow the link, you will find yourself on a website that also looks pretty genuine. However, if you pay attention to details such as the language in the footer or certain language errors, you will still notice that it is a fraudulent site.
Scams that are not new and already reached many recipients last summer. There, the fraudsters also tried to obtain victims' data using other scams. For example, with small outstanding claims that would result in the SwissPass being blocked if they were not taken into account.
"Unfortunately, so-called phishing emails are being sent by fraudsters in the name of Swisspass," the company confirmed at the time when asked by 20 Minuten. Even if the reported cases are small in relation to the total number of Swisspass customers, the quality of the forgeries is increasing. "The fraudulent emails are increasingly professional in design, which increases the likelihood that customers will be deceived," it continued.
What you can do in case of doubt
To avoid falling for such scams, Alliance Swisspass recommends activating two-factor authentication. Customers should also observe the following basic rules:
How to protect yourself
- Swisspass never asks you to disclose personal and confidential data by phone, e-mail or text message.
- Official Swisspass emails always come from noreply@mailing.swisspass.ch, noreply@swisspass.ch or mailings@mailings.swisspass.ch (except for refunds)
- If the email contains a different sender, it is not from Alliance Swisspass.
- Be skeptical if you are not addressed by your first and last name in the e-mail.
- Check links carefully before opening them.
- Be careful if the email suggests urgency
"We advise affected recipients to delete such emails, not to open any links or attachments and not to disclose any personal data," says Alliance Swisspass. If you have already entered your data, contact the SBB Contact Center and your bank. Those affected can also report the incidents to the police.
