Alarming figures indeed: according to the Federal Statistical Office (FSO), some 350,000 Swiss people have fallen victim to online credit card fraud in 2021. Just as many have lost personal documents through virus attacks. On social networks, “Swiss” data are targeted by hackers more often than the European average.
Katrin Sprenger: It’s safe to assume that the risk of being a victim of cybercrime may increase as Internet use grows. Browsing, shopping, and socializing online are becoming more and more popular and are already part of many people’s daily routine. Whereas people were still very weary just a few years ago as regards entering their credit card details, for example, they now do it a lot, often without a second thought. Both of these factors play into the hands of cybercriminals.
Do you keep getting text messages saying that you have to pay a small customs fee so that your package can be delivered?
This type of smishing (phishing via SMS text message) has become very common. People are finding it harder and harder these days to keep track of all the deliveries they're expecting. Fraudsters are taking advantage of this by sending out text messages with a link to a website that allows you to make small payments with your credit card. The real risk to anyone who follows the link isn't the payment itself, which is usually less than CHF 5, but the fact that they're handing over their credit card details.
The criminals get the cardholder's name, the card number, and the CVV code and can, in the worst-case scenario, use these to "max out" the card by using up the full credit limit.
How can you tell whether a text message you've received is genuine or fake?
It's usually more or less impossible to tell the difference based on the message alone, but the big delivery companies like DHL and Swiss Post generally notify you about deliveries by e-mail. The e-mail contains a link to a page on which you can track the packages you're waiting for and check for outstanding payments.
We recommend setting up a customer account with the delivery company. If you receive a text message, log in and check whether there are any amounts still to be paid on the deliveries you're expecting.
Lukas Keller: Opening a phishing e-mail isn’t a problem in itself. The danger arises when you click on a link in the e-mail without thinking and enter confidential information when prompted. Then the criminals have got what they want: your personal access details. I recommend erring on the side of caution: when you get an e-mail from your bank, for instance, enter the website address you already know manually in the address bar rather than clicking on the link to the site.
Lukas Keller: Both are e-mail-based forms of attack. The main difference is that a phishing attack is intended to direct you to a website where you enter details that are then saved and misused. Malware e-mails, meanwhile, are intended to infect your computer. What usually happens is that malware is “hidden” in a supposedly harmless attachment like a PDF or Word document. When you click on the attachment, the program installs itself in the background. The aim of this kind of program is either to delete data from your computer or to track down specific data and send it to the cybercriminals.
Doxing, fuzzing, pharming? In our cybercrime glossary, we explain the most important offences in the field of cybercrime.
Always remember that serious online providers – including banks – will never send you an e-mail asking you to enter your login details on a website.
With more and more people working from home these days, cyber criminals have changed their tactics and are increasingly trying to take advantage of IT weaknesses in the home, where it's virtually impossible to ensure the same level of security as at a company office. These threats aren't new, but they've taken on much greater significance as a result of large numbers of people making the shift to remote working in a short space of time.
It all starts with the hardware. Many companies didn't have a laptop for every single member of staff, so they allowed their staff to use their own devices. This led to lots of people working on outdated machines with poor security, lacking the latest updates or even a virus scanner, which open the door to hackers seeking unauthorized access to data.
Since internet access is essential for working from home, people tend to use their existing Wi-Fi network. Unfortunately, everyone knows that people deliberately set simple passwords for their home network so they can easily pass them on to their visitors. This makes them easy to crack, allowing hackers to gain access to confidential data or infect computers with viruses and Trojans.
The third big threat concerns e-mail. Staff working from home face a constant barrage of phishing e-mails, most of which are intended to steal secure data using malware or false information. Hackers still send links to fake websites or fake e-mails purporting to be from a known sender such as the recipient’s boss. It's often the human factor that's the problem here more than IT security, as has always been the case: people open phishing e-mails because they're unsure, download harmful attachments to their computer without thinking or obliviously tell people posing as IT support their passwords.
E-mail applications, especially those on mobile devices, frequently have vulnerabilities too, and these allow cyber criminals to hack into them and gain access to data.
People who work from home have to take more responsibility for security because their company's IT administrators aren't there to help them. It's especially important to make sure each and every employee is aware of this, but putting the right security measures in place in the home working environment is also vital.
The most important one, as ever, is installing a comprehensive security software package that will protect against many of the threats outlined above – although 100% protection can never be guaranteed.
At the same time, unauthorized third parties must not be given access to hardware used to work from home. Ideally, company laptops and phones should be put in standby mode and locked with a password when not in use and kept out of the reach of others.
Lukas Keller: Online credit card fraud isn’t much different from physically stealing the card itself. That’s why the very first step must be to have the card blocked. The problem on the Internet is that several transactions might have already been booked to the card by the time you realize that your details have been stolen. Look closely at each booking, go to the sites concerned, and try to get the orders canceled.
On some sites, you can see the IP address and location the order was placed from. If, for example, a transaction was made from Brazil, but you can prove that you were in Switzerland at the time, most website operators will show goodwill. It the transactions can’t be canceled, you’ll need to contact your credit card provider. They’ll cover the cost in most cases.
Lukas Keller: Your first question shouldn’t be “How often should I change my password?” but “How strong is my password?” If your password’s “1234”, it can be hacked much more quickly than one made up of eight or more letters, numbers, and special characters. Most devices these days suggest a secure password like this whenever you set up a new account. On top of this, it’s always a good idea to use two-factor authentication where it’s offered. If you also change your passwords for sites you use regularly every six to eight weeks, you should be safe.
Switzerland's Federal Statistical Office contained figures on cyber crime for the first time in 2021:
According to Statista (in German), there was a sharp rise in the number of cyber cases in Switzerland during the first few weeks of 2021. A total of 832 cases of cyber crime were reported to the National Cyber Security Centre (NCSC) in calendar week 41 (October 11-17), 292 of which involved fraud.
Lukas Keller: The FSO believes the main reason is that the Swiss are so lax when it comes to protecting their data. In 2019, only two thirds of users were using security software, down from three quarters in 2014.
I think it can also be explained by a combination of three factors. Firstly, Switzerland was quick to embrace the digital age, so it has a large number of potential targets despite its relatively small population. Secondly, high income levels make the Swiss attractive targets for cybercriminals.
Add in users’ general sense of security, which makes them complacent about protecting their own online data, and this could be why Swiss people fall victim to cybercrime more often than other Europeans.
Katrin Sprenger: One of the most frequently underestimated threats is identity theft. That’s when criminals steal personal details such as your date of birth, address, and perhaps even a scan of your ID or birth certificate. They can get hold of these relatively quickly if they succeed in hacking your e-mail account. Most of us have sent a scan of one of these documents by e-mail at some point. The criminals then piece together the victim’s identity and offer it for sale on the Darknet or can use it to conclude contracts in the victim’s name. Their main aim is to make money from these stolen identities.