With a nasty scam Basel woman robbed of 20,000 francs within minutes
One careless second, one click on the wrong link and 20,000 francs are gone. For a woman from Basel, this nightmare has become reality. And the bank doesn't want to know anything at first.
No time? blue News summarizes for you
- A woman lost 20,000 francs after fraudsters took over her Twint account via a fake link on the Tutti.ch platform.
- Despite a conspicuous debit pattern, the Postfinance security system did not take action.
- It was only after SRF intervened that the bank re-examined the case and agreed a partial refund with the customer.
The incident began on the classified ads platform Tutti.ch. A woman from Basel wanted to sell a child's toy when fraudsters contacted her. They gained access to her Twint account via a manipulated link that led to a fake portal. Within seconds, the perpetrators took control by changing the access code. The woman was powerless from then on.
What followed was a meticulously planned series of debits. Within half an hour, around 20,000 francs were debited from various of her accounts. The perpetrators acted systematically, making a total of 70 debits, almost all for the same amount of CHF 250. A pattern that should have set alarm bells ringing.
Security systems remain silent
But despite the conspicuous transaction pattern, Postfinance's security system remained silent. The customer contacted her bank to find out how such an incident could have gone unnoticed. The answer was sobering: she had passed on her access data and was therefore to blame herself.
This response from the bank is exemplary of a growing problem. Financial institutions often blame customers for phishing cases. They invoke the account holder's duty of care to protect their sensitive data. But the question of why a security system does not react to such a debit pattern remains unanswered.
In view of the fact that phishing cases in the classifieds sector have increased fivefold within a year, the further development of security systems does not seem to be keeping pace with the criminal creativity of the perpetrators.
Re-examination and partial reimbursement after media intervention
It was only when the SRF consumer magazine "Espresso" took up the case and followed up with Postfinance that things started to move. The editorial team asked the legitimate question of how such a conspicuous direct debit pattern could go unnoticed. The bank then promised to look into the case again.
The woman from Basel was finally able to reach an agreement with Postfinance and will get some of the stolen money back. She is not allowed to disclose the amount. The bank itself is keeping a low profile in its statement, but points out that it is constantly developing its security systems. The findings from fraud attempts are used to optimize the systems.
How to react correctly to phishing attempts
- Ignore and delete: Suspicious emails, especially those with unbelievable promises of winnings, should be deleted unanswered or moved to the spam folder.
- Do not click on any links: Never follow links from unsolicited emails, text messages or messages on social media. These may be manipulated and lead to fake websites.
- Data economy: Never disclose sensitive personal data such as passwords, credit card numbers or addresses if you have not verified the authenticity of the sender beyond doubt.
- Direct contact in case of uncertainty: If you have any doubts about the legitimacy of a message purporting to come from a well-known company, always contact them via the official channels.
