Alarming figures indeed: according to the Federal Statistical Office (FSO), some 350,000 Swiss people have fallen victim to online credit card fraud in the past 12 months. Just as many have lost personal documents through virus attacks. On social networks, “Swiss” data are targeted by hackers more often than the European average.
We spoke to Katrin Sprenger and Lukas Keller from the Zurich-based start-up Silenccio about how users can spot threats and risks on the Internet and protect themselves against online fraudsters’ fiendish tricks. Silenccio has been working with AXA since 2019. Its innovative online service offers private users and companies alike help and protection in connection with bullying, hacking, phishing, and shopping on the Internet.
Katrin Sprenger: It’s safe to assume that the risk of being a victim of cybercrime may increase as Internet use grows. Browsing, shopping, and socializing online are becoming more and more popular and are already part of many people’s daily routine. Whereas people were still very weary just a few years ago as regards entering their credit card details, for example, they now do it a lot, often without a second thought. Both of these factors play into the hands of cybercriminals.
Lukas Keller: The FSO believes the main reason is that the Swiss are so lax when it comes to protecting their data. In 2019, only two thirds of users were using security software, down from three quarters in 2014.
I think it can also be explained by a combination of three factors. Firstly, Switzerland was quick to embrace the digital age, so it has a large number of potential targets despite its relatively small population. Secondly, high income levels make the Swiss attractive targets for cybercriminals.
Add in users’ general sense of security, which makes them complacent about protecting their own online data, and this could be why Swiss people fall victim to cybercrime more often than other Europeans.
Lukas Keller: Your first question shouldn’t be “How often should I change my password?” but “How strong is my password?” If your password’s “1234”, it can be hacked much more quickly than one made up of eight or more letters, numbers, and special characters. Most devices these days suggest a secure password like this whenever you set up a new account. On top of this, it’s always a good idea to use two-factor authentication where it’s offered. If you also change your passwords for sites you use regularly every six to eight weeks, you should be safe.
Katrin Sprenger: One of the most frequently underestimated threats is identity theft. That’s when criminals steal personal details such as your date of birth, address, and perhaps even a scan of your ID or birth certificate. They can get hold of these relatively quickly if they succeed in hacking your e-mail account. Most of us have sent a scan of one of these documents by e-mail at some point. The criminals then piece together the victim’s identity and offer it for sale on the Darknet or can use it to conclude contracts in the victim’s name. Their main aim is to make money from these stolen identities.
The biggest financial losses come from risks directly related to the flow of money, such as bank accounts being hacked.
Lukas Keller: Online credit card fraud isn’t much different from physically stealing the card itself. That’s why the very first step must be to have the card blocked. The problem on the Internet is that several transactions might have already been booked to the card by the time you realize that your details have been stolen. Look closely at each booking, go to the sites concerned, and try to get the orders canceled.
On some sites, you can see the IP address and location the order was placed from. If, for example, a transaction was made from Brazil, but you can prove that you were in Switzerland at the time, most website operators will show goodwill. It the transactions can’t be canceled, you’ll need to contact your credit card provider. They’ll cover the cost in most cases.
Always remember that serious online providers – including banks – will never send you an e-mail asking you to enter your login details on a website.
Lukas Keller: Opening a phishing e-mail isn’t a problem in itself. The danger arises when you click on a link in the e-mail without thinking and enter confidential information when prompted. Then the criminals have got what they want: your personal access details. I recommend erring on the side of caution: when you get an e-mail from your bank, for instance, enter the website address you already know manually in the address bar rather than clicking on the link to the site.
Lukas Keller: Both are e-mail-based forms of attack. The main difference is that a phishing attack is intended to direct you to a website where you enter details that are then saved and misused. Malware e-mails, meanwhile, are intended to infect your computer. What usually happens is that malware is “hidden” in a supposedly harmless attachment like a PDF or Word document. When you click on the attachment, the program installs itself in the background. The aim of this kind of program is either to delete data from your computer or to track down specific data and send it to the cybercriminals.
Katrin Sprenger: It certainly wouldn’t be right to generalize here. In our experience, there’s often a discrepancy between the risks a user perceives and those that can actually occur in a worst-case scenario. One reason for this is that users protect themselves first and foremost from what they perceive to be a real threat. If, for example, you’re worried about your credit card details being stolen, you’ll take great care with them when shopping online, but you might still get caught out by a fake shop.
Here’s another example: most people can cope with losing CHF 100. Putting a number to a risk makes it real for us. On the other hand, it’s difficult for most people to imagine themselves as victims of cyberbullying and envisage the financial and indeed psychological damage it can cause. It’s so abstract that they don’t perceive it as real. Nevertheless, our experience shows that the effects of bullying are much worse than a mere financial loss.