
Cybercrime: how to protect yourself against hacking, phishing, etc.


Alarming figures indeed: according to the Federal Statistical Office (FSO), some 350,000 Swiss people fell victim to online credit card fraud in 2021. Just as many lost personal documents through virus attacks. On social networks, “Swiss” data is targeted by hackers more often than the European average.


Silenccio has been working with AXA since 2019. We spoke to Katrin Sprenger (CEO) and Lukas Keller (CFO) from the Zurich-based start-up Silenccio about how users can spot threats and risks on the Internet and protect themselves against online fraudsters’ fiendish tricks.

Why is cybercrime on the rise?

Katrin Sprenger: It’s safe to assume that the risk of being a victim of cybercrime may increase as Internet use grows. Browsing, shopping, and socializing online are becoming more and more popular and are already part of many people’s daily routine. Whereas people were still very wary just a few years ago as regards entering their credit card details, for example, they now do it a lot, often without a second thought. Both of these factors play into the hands of cybercriminals.

Smishing – phishing by text message

Do you keep getting text messages saying that you have to pay a small customs fee so that your package can be delivered?

This type of smishing (phishing via SMS text message) has become very common. People are finding it harder and harder these days to keep track of all the deliveries they're expecting. Fraudsters are taking advantage of this by sending out text messages with a link to a website that allows you to make small payments with your credit card. The real risk to anyone who follows the link isn't the payment itself, which is usually less than CHF 5, but the fact that they're handing over their credit card details.

The criminals get the cardholder's name, the card number, and the CVV code and can, in the worst-case scenario, use these to "max out" the card by using up the full credit limit.

 

How can you tell whether a text message you've received is genuine or fake?

It's usually more or less impossible to tell the difference based on the message alone, but the big delivery companies like DHL and Swiss Post generally notify you about deliveries by e-mail. The e-mail contains a link to a page on which you can track the packages you're waiting for and check for outstanding payments.

We recommend setting up a customer account with the delivery company. If you receive a text message, log in and check whether there are any amounts still to be paid on the deliveries you're expecting. 

We’ve seen a spate of warnings about phishing e-mails recently. Lukas Keller, what can happen if I open them?

Lukas Keller: Opening a phishing e-mail isn’t a problem in itself. The danger arises when you click on a link in the e-mail without thinking and enter confidential information when prompted. Then the criminals have got what they want: your personal access details. I recommend erring on the side of caution: when you get an e-mail from your bank, for instance, enter the website address you already know manually in the address bar rather than clicking on the link to the site.

What’s the difference between phishing and malware e-mails?

Lukas Keller: Both are e-mail-based forms of attack. The main difference is that a phishing attack is intended to direct you to a website where you enter details that are then saved and misused. Malware e-mails, meanwhile, are intended to infect your computer. What usually happens is that malware is “hidden” in a supposedly harmless attachment like a PDF or Word document. When you click on the attachment, the program installs itself in the background. The aim of this kind of program is either to delete data from your computer or to track down specific data and send it to the cybercriminals.  

Doxing, fuzzing, pharming? In our cybercrime glossary, we explain the most important offences in the field of cybercrime.

How to recognize phishing e-mails:

  • The spelling in links is often similar but not identical to the address of the real site. It may just be one letter out, e.g. swissocm.ch instead of swisscom.ch.
  • The site looks genuine at first glance, but not all the menu links work.
  • The e-mail contains spelling mistakes.
  • The sender’s name looks genuine, but the e-mail address doesn’t.
  • The e-mail isn’t written in the language normally used by a company or organization you occasionally exchange e-mail correspondence with. If you communicate with your bank in German, for example, there should be no reason for the bank to suddenly write to you in English. 
  • The e-mail doesn’t contain a personal greeting.
  • The text of the e-mail pressures you into carrying out its instructions as quickly as possible.

Always remember that serious online providers – including banks – will never send you an e-mail asking you to enter your login details on a website.

Lukas Keller, co-founder and CTO of Silenccio

What are the biggest digital threats for people working from home?

With more and more people working from home these days, cyber criminals have changed their tactics and are increasingly trying to take advantage of IT weaknesses in the home, where it's virtually impossible to ensure the same level of security as at a company office. These threats aren't new, but they've taken on much greater significance as a result of large numbers of people making the shift to remote working in a short space of time.

It all starts with the hardware. Many companies didn't have a laptop for every single member of staff, so they allowed their staff to use their own devices. This led to lots of people working on outdated machines with poor security, lacking the latest updates or even a virus scanner, which open the door to hackers seeking unauthorized access to data.

Since internet access is essential for working from home, people tend to use their existing Wi-Fi network. Unfortunately, everyone knows that people deliberately set simple passwords for their home network so they can easily pass them on to their visitors. This makes them easy to crack, allowing hackers to gain access to confidential data or infect computers with viruses and Trojans.

The third big threat concerns e-mail. Staff working from home face a constant barrage of phishing e-mails, most of which are intended to steal secure data using malware or false information. Hackers still send links to fake websites or fake e-mails purporting to be from a known sender such as the recipient’s boss. It's often the human factor that's the problem here more than IT security, as has always been the case: people open phishing e-mails because they're unsure, download harmful attachments to their computer without thinking or obliviously tell people posing as IT support their passwords.

E-mail applications, especially those on mobile devices, frequently have vulnerabilities too, and these allow cyber criminals to hack into them and gain access to data.

How can I protect myself and my company PC from cyber criminals?

People who work from home have to take more responsibility for security because their company's IT administrators aren't there to help them. It's especially important to make sure each and every employee is aware of this, but putting the right security measures in place in the home working environment is also vital.

The most important one, as ever, is installing a comprehensive security software package that will protect against many of the threats outlined above – although 100% protection can never be guaranteed.

At the same time, unauthorized third parties must not be given access to hardware used to work from home. Ideally, company laptops and phones should be put in standby mode and locked with a password when not in use and kept out of the reach of others. 

Tips for working from home safely:

  • Set a strong Wi-Fi password.
  • Choose a secure name for the Wi-Fi network that doesn't give away who owns it.
  • Activate network encryption.
  • Cover up your webcam when you're not using it, for example by sliding the cover closed if it has one.
  • Don't give anyone else your passwords. If you absolutely must give someone your password, do it in a video call so that you can see them and make sure you're giving your password to the right person.

What can I do if I’ve fallen victim to credit card fraud?

Lukas Keller: Online credit card fraud isn’t much different from physically stealing the card itself. That’s why the very first step must be to have the card blocked. The problem on the Internet is that several transactions might have already been booked to the card by the time you realize that your details have been stolen. Look closely at each booking, go to the sites concerned, and try to get the orders canceled.

On some sites, you can see the IP address and location the order was placed from. If, for example, a transaction was made from Brazil, but you can prove that you were in Switzerland at the time, most website operators will show goodwill. If the transactions can’t be canceled, you’ll need to contact your credit card provider. They’ll cover the cost in most cases.

How often should I change my password for e-banking or my favorite online shops?

Lukas Keller: Your first question shouldn’t be “How often should I change my password?” but “How strong is my password?” If your password’s “1234”, it can be hacked much more quickly than one made up of eight or more letters, numbers, and special characters. Most devices these days suggest a secure password like this whenever you set up a new account. On top of this, it’s always a good idea to use two-factor authentication where it’s offered. If you also change your passwords for sites you use regularly every six to eight weeks, you should be safe. 


Figures on digital offenses

Switzerland's Federal Statistical Office included figures on cyber crime for the first time in 2021:

  • 24,398 digital offenses were reported (compared with around 32,000 burglaries and walk-in thefts).
  • These are split into three areas: defamation (5.1%), sex offenses (10.7%), and financial crime (84.2%).
  • Some 16,000 cyber crime cases involved fraud – mostly in connection with online shops, property advertisements, and love scams.
  • Around 16,000 victims were registered (42% female, 58% male).
  • The solution rate was 31.6%. 

According to Statista (in German), there was a sharp rise in the number of cyber cases in Switzerland during the first few weeks of 2021. A total of 832 cases of cyber crime were reported to the National Cyber Security Centre (NCSC) in calendar week 41 (October 11-17), 292 of which involved fraud.

According to a study by the Federal Statistical Office, Swiss people are affected by cybercrime very frequently by European standards. Why?

Lukas Keller: The FSO believes the main reason is that the Swiss are so lax when it comes to protecting their data. In 2019, only two thirds of users were using security software, down from three quarters in 2014.

I think it can also be explained by a combination of three factors. Firstly, Switzerland was quick to embrace the digital age, so it has a large number of potential targets despite its relatively small population. Secondly, high income levels make the Swiss attractive targets for cybercriminals.

Add in users’ general sense of security, which makes them complacent about protecting their own online data, and this could be why Swiss people fall victim to cybercrime more often than other Europeans. 

In your view, are there any online threats that are being completely underestimated or that people don’t even know about?

Katrin Sprenger: One of the most frequently underestimated threats is identity theft. That’s when criminals steal personal details such as your date of birth, address, and perhaps even a scan of your ID or birth certificate. They can get hold of these relatively quickly if they succeed in hacking your e-mail account. Most of us have sent a scan of one of these documents by e-mail at some point. The criminals then piece together the victim’s identity and offer it for sale on the Darknet or can use it to conclude contracts in the victim’s name. Their main aim is to make money from these stolen identities. 
