How to protect yourself from phishing emails, and what to do if you have been scammed.

Phishing is a fraudulent occurrence, whereby criminals attempt to obtain passwords and other sensitive information by sending fake emails to a large number of people. These emails may claim to come from reputable sources such as banks, authorities or other trusted organisations.

The main aim of fraudsters is to steal money, whether directly through your e-banking account or indirectly by misusing your personal information for fraudulent purposes.

Phishing emails are often done very well, which can make them difficult to distinguish from real emails. However, there are a few things you can do to protect yourself from them:

To recognise phishing emails, you should pay attention to the following features:

• The email is often written in poor English or another language, and it may have unusual wording or grammatical errors.
• So-called “phishers” frequently use fake email addresses. You should therefore take a close look at the sender’s address: If you find spelling mistakes or unusual characters, it is very likely to be an attempted scam.
• The email will ask you to provide your password or other confidential information. Reputable companies would never do this.
• You are pressured to click on a link and log into a website.
• There is often a sense of urgency conveyed, and the suggestion that you should act immediately.

To protect yourself from phishing emails, you should take the following measures:

• Be suspicious of emails you are not expecting and delete suspicious messages without clicking on links or attachments.
• Do not open links or documents in emails from unknown senders.
• Never give out sensitive information such as passwords, usernames, or credit card numbers via email or on questionable websites.
• If you are uncertain: Check the sender carefully by visiting the official website of the service directly in the browser. We also recommend contacting the sender to confirm the authenticity of a message. However, use official contact details, which you can usually easily find if you google the sender. Avoid relying on contact information or, worse still, links included in the email in question. If you are unsure about links, look at the URL of the link by hovering over it (without clicking). If it does not match the official website, do not click on it.

If you fall victim to a phishing attack, you should take the following steps:

• Disconnect your Internet connection immediately. If you have a Wi-Fi connection, go to the Wi-Fi settings to disconnect or turn off the router. If you are connected via a LAN cable, simply unplug it to interrupt the connection and prevent further data transfers. This will help you prevent possible unauthorised access and malicious activity.
• Then run a virus scan on your device using antivirus software. If malware is identified on your computer, it is recommended you consult an expert.
• Report the incident to the service providers involved, such as your bank or email provider, and change your passwords straight away.
• If financial loss has already occurred, contact the financial institution concerned.
• Contact the police with regard to criminal proceedings.
• Report phishing mails to reports@antiphishing.ch, so that the National Centre for Cybersecurity is notified of the incident. Alternatively, you can use the reporting form of the NCSC (National Centre for Cybersecurity).