Cybersecurity These are the 4 biggest tricks used by phishing scammers

Fake invoices, fictitious letters from lawyers, alleged tax refunds in exchange for a credit card number: phishing comes in many forms. How do you recognize fraud?

Banks, Amazon or Paypal: Phishing warnings from consumer advice centers affect many companies. One scam: fraudsters use a staged email to steal private and sensitive data. They mainly target banks and financial service providers because they are looking for easy money.

Such attempts at fraud are known as phishing, derived from the words password and fishing. Phishing will remain one of the biggest cyber threats in Switzerland in 2025. Cyber criminals are increasingly using sophisticated methods to steal personal data. Around 6.7 million phishing attempts were registered in Switzerland in 2024 alone. These are the biggest phishing traps.

Cyber criminals send deceptively genuine emails in the name of the Federal Tax Administration (FTA) or the AHV. They entice you with refunds or account audits. If you click on the link, you end up on a fake page.

Fortunately, there are a number of factors that make it possible to recognize an attempted deception via e-mail. The sender addresses are often forged. This can be determined with the help of the email header, i.e. the source test of an email. If the header contains a cryptic e-mail address, this is already an indication of a phishing e-mail. According to a Swisscom information page, phishing e-mails can be recognized by the sender, impersonal address, urgent wording and unknown domain.

Particularly insidious: mails in the Swisscard design. They ask you to update your personal data - usually via a QR code. The emails look official, contain a personal salutation and a genuine Swisscard look.

Real email accounts or social media accounts are hacked. Friends of these people then receive messages with supposed competitions or gifts - a trick to steal further login data.

The latest trend: quishing, or phishing via QR code. These codes appear in emails, on flyers or even on parking machines - and lead to fake sites that steal login details or credit card information.

How to protect yourself against phishing

Be skeptical of emails or text messages that ask you to enter personal data. If you recognize a phishing e-mail, the motto is: delete it! Before doing so, it is advisable to forward the message to the Reporting and Analysis Center for Information Assurance MELANI. The phishing e-mail should be sent as an attachment or a print screen to reports@antiphishing.ch. Bluewin users can also contact spamreport@bluewin.ch.

Jürgen Schmidt from the specialist magazine "c't" also advises: "If the mail program or the mail provider offers it, it is also worth marking them as spam. The program then learns to recognize such emails and sort them out straight away."

Under no circumstances should users click on links in emails. Do not download attached documents. If you are not sure whether an email is legitimate, Schmidt recommends calling the alleged sender to check its authenticity before opening any attachments.

If you follow a link, you are often taken to fake websites where you are asked to enter personal data. If you realize afterwards that you may have fallen into a phishing trap, you should first check which data is involved. The next step is to change the access data with the respective provider. Account statements and letters sent to you should always be checked carefully.

The main thing is to prevent potential damage or keep it as low as possible. "If you react in good time, it is sometimes possible to claim back money that has been transferred. If damage has actually occurred, you should report it to the police," recommends Schmidt.

The nastiest online scams

Enter the web addresses manually in the browser instead of clicking on links.

Where possible, activate two-factor authentication for your accounts.