At home

Cybercrime: how to protect yourself against hacking, phishing, etc.

Share on Facebook Share on Twitter ch.axa.i18.share.google Share on LinkedIn Share on Xing Share on Pinterest Share by email

Alarming figures indeed: according to the Federal Statistical Office (FSO), some 350,000 Swiss people have fallen victim to online credit card fraud in the past 12 months. Just as many have lost personal documents through virus attacks. On social networks, “Swiss” data are targeted by hackers more often than the European average.

We spoke to Katrin Sprenger and Lukas Keller from the Zurich-based start-up Silenccio about how users can spot threats and risks on the Internet and protect themselves against online fraudsters’ fiendish tricks. Silenccio has been working with AXA since 2019. Its innovative online service offers private users and companies alike help and protection in connection with bullying, hacking, phishing, and shopping on the Internet.

Why is cybercrime on the rise?

Katrin Sprenger: It’s safe to assume that the risk of being a victim of cybercrime may increase as Internet use grows. Browsing, shopping, and socializing online are becoming more and more popular and are already part of many people’s daily routine. Whereas people were still very weary just a few years ago as regards entering their credit card details, for example, they now do it a lot, often without a second thought. Both of these factors play into the hands of cybercriminals.

According to a study by the Federal Statistical Office, Swiss people are affected by cybercrime very frequently by European standards. Why?

Lukas Keller: The FSO believes the main reason is that the Swiss are so lax when it comes to protecting their data. In 2019, only two thirds of users were using security software, down from three quarters in 2014.

I think it can also be explained by a combination of three factors. Firstly, Switzerland was quick to embrace the digital age, so it has a large number of potential targets despite its relatively small population. Secondly, high income levels make the Swiss attractive targets for cybercriminals.

Add in users’ general sense of security, which makes them complacent about protecting their own online data, and this could be why Swiss people fall victim to cybercrime more often than other Europeans. 

How often should I change my password for e-banking or my favorite online shops?

Lukas Keller: Your first question shouldn’t be “How often should I change my password?” but “How strong is my password?” If your password’s “1234”, it can be hacked much more quickly than one made up of eight or more letters, numbers, and special characters. Most devices these days suggest a secure password like this whenever you set up a new account. On top of this, it’s always a good idea to use two-factor authentication where it’s offered. If you also change your passwords for sites you use regularly every six to eight weeks, you should be safe. 

  • Teaser Image
    Katrin Sprenger & Lukas Keller

    Digital expert Katrin Sprenger has been CEO of the Zurich-based start-up Silenccio since summer 2019. Prior to that, she spent more than ten years working for digital full-service agencies. Lukas Keller is co-founder and Chief Technology Officer of Silenccio. He previously spent a number of years building up his own web agency, and before that he worked in business development at Migros Bank.

In your view, are there any online threats that are being completely underestimated or that people don’t even know about?

Katrin Sprenger: One of the most frequently underestimated threats is identity theft. That’s when criminals steal personal details such as your date of birth, address, and perhaps even a scan of your ID or birth certificate. They can get hold of these relatively quickly if they succeed in hacking your e-mail account. Most of us have sent a scan of one of these documents by e-mail at some point. The criminals then piece together the victim’s identity and offer it for sale on the Darknet or can use it to conclude contracts in the victim’s name. Their main aim is to make money from these stolen identities. 

The biggest financial losses come from risks directly related to the flow of money, such as bank accounts being hacked.

Katrin Sprenger, CEO of Silenccio

What can I do if I’ve fallen victim to credit card fraud?

Lukas Keller: Online credit card fraud isn’t much different from physically stealing the card itself. That’s why the very first step must be to have the card blocked. The problem on the Internet is that several transactions might have already been booked to the card by the time you realize that your details have been stolen. Look closely at each booking, go to the sites concerned, and try to get the orders canceled.

On some sites, you can see the IP address and location the order was placed from. If, for example, a transaction was made from Brazil, but you can prove that you were in Switzerland at the time, most website operators will show goodwill. It the transactions can’t be canceled, you’ll need to contact your credit card provider. They’ll cover the cost in most cases. 

Always remember that serious online providers – including banks – will never send you an e-mail asking you to enter your login details on a website.

Lukas Keller, co-founder and CTO of Silenccio

We’ve seen a spate of warnings about phishing e-mails recently. Lukas Keller, what can happen if I open them?

Lukas Keller: Opening a phishing e-mail isn’t a problem in itself. The danger arises when you click on a link in the e-mail without thinking and enter confidential information when prompted. Then the criminals have got what they want: your personal access details. I recommend erring on the side of caution: when you get an e-mail from your bank, for instance, enter the website address you already know manually in the address bar rather than clicking on the link to the site.

How to recognize phishing e-mails: 

  • The spelling in links is often similar but not identical to the address of the real site. It may just be one letter out, e.g. swissocm.ch instead of swisscom.ch.
  • The site looks genuine at first glance, but not all the menu links work.
  • The e-mail contains spelling mistakes.
  • The sender’s name looks genuine, but the e-mail address doesn’t.
  • The e-mail isn’t written in the language normally used by a company or organization you occasionally exchange e-mail correspondence with. If you communicate with your bank in German, for example, there should be no reason for the bank to suddenly write to you in English. 
  • The e-mail doesn’t contain a personal greeting.
  • The text of the e-mail pressures you into carrying out its instructions as quickly as possible.

What’s the difference between phishing and malware e-mails?

Lukas Keller: Both are e-mail-based forms of attack. The main difference is that a phishing attack is intended to direct you to a website where you enter details that are then saved and misused. Malware e-mails, meanwhile, are intended to infect your computer. What usually happens is that malware is “hidden” in a supposedly harmless attachment like a PDF or Word document. When you click on the attachment, the program installs itself in the background. The aim of this kind of program is either to delete data from your computer or to track down specific data and send it to the cybercriminals.  

A study by AXA revealed that online risks in particular – such as viruses, data misuse, and hacking – pose a real threat to its customers. Does this match your experience? 

Katrin Sprenger: It certainly wouldn’t be right to generalize here. In our experience, there’s often a discrepancy between the risks a user perceives and those that can actually occur in a worst-case scenario. One reason for this is that users protect themselves first and foremost from what they perceive to be a real threat. If, for example, you’re worried about your credit card details being stolen, you’ll take great care with them when shopping online, but you might still get caught out by a fake shop. 

Here’s another example: most people can cope with losing CHF 100. Putting a number to a risk makes it real for us. On the other hand, it’s difficult for most people to imagine themselves as victims of cyberbullying and envisage the financial and indeed psychological damage it can cause. It’s so abstract that they don’t perceive it as real.  Nevertheless, our experience shows that the effects of bullying are much worse than a mere financial loss.  

Cybercrime glossary

  • Phishing: Attempting to obtain victims’ personal details through fake e-mails or websites in order to commit identity theft and make money illegally as fast as possible.
  • Hacking: One or more hackers exploiting gaps in security to break into a third party’s computer system and manipulate, delete or steal data.
  • Malware: Short for malicious software, i.e. programs developed to carry out unexpected, unwelcome, and even damaging functions on a target system.
  • Trojan: A type of malware disguised as a useful application that carries out a different, normally damaging function in the background without the user knowing.
  • Cyberbullying: Insulting, defaming, coercing, threatening or harassing people via social media, websites, chatrooms, instant messaging or cellphone.
  • Fake shop: Supposed e-commerce website falsified by fraudsters to make money from online shoppers.
  • Identity theft: Misuse of personal details, i.e. the identity of an individual, by third parties for fraudulent purposes.

Associated articles

AXA & You

Contact Report a claim Broker Job vacancies myAXA Customer reviews Garage portal

AXA worldwide

AXA worldwide

Stay in touch

DE FR IT EN Terms of use Data protection © {YEAR} AXA Insurance Ltd.

We use cookies and analysis tools to improve the user friendliness of the Internet website and personalise the advertising of AXA and advertising partners. More details: Data protection